From a6c940a7523a05822e40a164e949341009a3ff44 Mon Sep 17 00:00:00 2001
From: x2018 <xkernel.wang@foxmail.com>
Date: Mon, 17 Nov 2025 02:25:57 +0800
Subject: [PATCH] schannel_verify: fix a memory leak of cert_context

Closes #19556
---
 lib/vtls/schannel_verify.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c
index 6b8aec5613..72c42ed353 100644
--- a/lib/vtls/schannel_verify.c
+++ b/lib/vtls/schannel_verify.c
@@ -166,6 +166,7 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
 
         cert_blob.pbData = (BYTE *)CURL_UNCONST(begin_cert_ptr);
         cert_blob.cbData = cert_size;
+        /* Caution: CryptQueryObject() is deprecated */
         if(!CryptQueryObject(CERT_QUERY_OBJECT_BLOB,
                              &cert_blob,
                              CERT_QUERY_CONTENT_FLAG_CERT,
@@ -204,7 +205,6 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
                                                cert_context,
                                                CERT_STORE_ADD_ALWAYS,
                                                NULL);
-            CertFreeCertificateContext(cert_context);
             if(!add_cert_result) {
               char buffer[WINAPI_ERROR_LEN];
               failf(data,
@@ -220,6 +220,21 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store,
               num_certs++;
             }
           }
+
+          switch(actual_content_type) {
+          case CERT_QUERY_CONTENT_CERT:
+          case CERT_QUERY_CONTENT_SERIALIZED_CERT:
+            CertFreeCertificateContext(cert_context);
+            break;
+          case CERT_QUERY_CONTENT_CRL:
+          case CERT_QUERY_CONTENT_SERIALIZED_CRL:
+            CertFreeCRLContext((PCCRL_CONTEXT)cert_context);
+            break;
+          case CERT_QUERY_CONTENT_CTL:
+          case CERT_QUERY_CONTENT_SERIALIZED_CTL:
+            CertFreeCTLContext((PCCTL_CONTEXT)cert_context);
+            break;
+          }
         }
       }
     }
-- 
2.47.3