From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Mon, 23 Feb 2026 03:22:24 +0000 (+0100)
Subject: apps/s_server.c: call OPENSSL_DIR_end after directory traversal in ech_load_dir
X-Git-Tag: openssl-4.0.0-alpha1~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2bd2451da269fe16279145c9824cd1464411dc7d;p=thirdparty%2Fopenssl.git

apps/s_server.c: call OPENSSL_DIR_end after directory traversal in ech_load_dir

While it is not documented, OPENSSL_DIR_end() is to be called at the end
of directory traversal to free the context and avoid leaking memory.

Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681464
Fixes: a2e5848d9d11 "s_client and s_server options for ECH"
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Wed Feb 25 11:10:39 2026
(Merged from https://github.com/openssl/openssl/pull/30139)
---

diff --git a/apps/s_server.c b/apps/s_server.c
index 07717e75377..903e436e237 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1623,6 +1623,8 @@ static int ech_load_dir(SSL_CTX *lctx, const char *thedir,
             BIO_printf(bio_s_out, "Added ECH key pair from: %s\n", thisfile);
         loaded++;
     }
+    OPENSSL_DIR_end(&d);
+
     if (SSL_CTX_set1_echstore(lctx, es) != 1) {
         BIO_puts(bio_err, "ECH: Internal error\n");
         goto end;