From: huanghuihui0904 <625173@qq.com> Date: Thu, 12 Mar 2026 13:01:30 +0000 (+0800) Subject: apps/cmp.c: fix leak of out_trusted in setup_verification_ctx() X-Git-Tag: openssl-4.0.0~110 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b52102ecfc56d18758df53ef85df48c833098b6;p=thirdparty%2Fopenssl.git apps/cmp.c: fix leak of out_trusted in setup_verification_ctx() setup_verification_ctx() allocates out_trusted via load_trusted() and passes it to OSSL_CMP_CTX_set_certConf_cb_arg(). Since the argument is not consumed, it must be freed on failure. The fix is to free out_trusted if OSSL_CMP_CTX_set_certConf_cb_arg() fails. Fixes #30377 Signed-off-by: huanghuihui0904 <625173@qq.com> Reviewed-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz MergeDate: Tue Mar 24 17:34:49 2026 (Merged from https://github.com/openssl/openssl/pull/30392) (cherry picked from commit 6f01df42cd0fff76dc789e50f5f86addd6103192) --- diff --git a/apps/cmp.c b/apps/cmp.c index c716c86e58d..c28627b2169 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1425,7 +1425,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) out_vpm = X509_STORE_get0_param(out_trusted); X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); - (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); + if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) { + X509_STORE_free(out_trusted); + return 0; + } } if (opt_disable_confirm)
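Review bot: In the new failure branch under "if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted))", the reason for calling X509_STORE_free() is stated only in the commit message. A one-line comment there saying that the setter does not take ownership of out_trusted would keep the rule visible in the code. Because the argument is not consumed, the success path also leaves out_trusted referenced by ctx as a bare pointer, and its eventual release is not visible in this hunk, so it is worth confirming that it is freed when ctx is torn down. Also check that the direct "return 0;" matches how the other failure paths in setup_verification_ctx() exit, since the visible context shows no shared cleanup label.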