From 7a8cbd1c4ffd04ad458cd27da2c9f3a9b7d378c0 Mon Sep 17 00:00:00 2001
From: lan1120 <lanming@huawei.com>
Date: Fri, 19 Sep 2025 18:45:30 +0800
Subject: [PATCH] Fix the abnormal branch memory leak in ssl_set_cert_and_key
 function

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28619)

(cherry picked from commit e7f88391867dd71dc0ef37646f497411bea5350c)
---
 ssl/ssl_rsa.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index a1ea7ed105d..d2b7b171c87 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1056,10 +1056,13 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
         }
     }
 
-    if (!X509_up_ref(x509))
+    if (!X509_up_ref(x509)) {
+        OSSL_STACK_OF_X509_free(dup_chain);
         goto out;
+    }
 
     if (!EVP_PKEY_up_ref(privatekey)) {
+        OSSL_STACK_OF_X509_free(dup_chain);
         X509_free(x509);
         goto out;
     }
-- 
2.47.3