CMP client: fix three memory leaks in error handling of the polling mechanism added...
authorJoshua Rogers <MegaManSec@users.noreply.github.com>
Fri, 10 Oct 2025 22:57:01 +0000 (06:57 +0800)
committerDr. David von Oheimb <dev@ddvo.net>
Mon, 20 Oct 2025 07:46:53 +0000 (09:46 +0200)
These are in poll_for_response(), OSSL_CMP_try_certreq(), and OSSL_CMP_exec_certreq().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/28840)

(cherry picked from commit c2e845914a4f999183ceb950e915c5525ccdf643)

crypto/cmp/cmp_client.c

index e129705e0e638acb0d48a541e79426f0ad1d515e..c93a1720522f60ed02e805c49c05b523db76d30d 100644 (file)
@@ -378,7 +378,7 @@ static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         } else {
             ossl_cmp_info(ctx, "received final response after polling");
             if (!ossl_cmp_ctx_set1_first_senderNonce(ctx, NULL))
-                return 0;
+                goto err;
             break;
         }
     }
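Review bot: The failure value on this path is no longer visible at the call site: the old code returned `0` explicitly, while `goto err` returns whatever the `err:` label yields, and that label lies outside this hunk. The same applies to the `goto err` added in OSSL_CMP_try_certreq() and in OSSL_CMP_exec_certreq(); the latter returns `X509 *`, so its result must still be NULL when save_senderNonce_if_waiting() fails. Please confirm that the result variable in each function still holds its failure value at these jumps, and record that with a short comment such as `/* release the messages held so far; result is still the failure value */`. A regression test that forces the nonce-saving step to fail under a leak checker would keep these three paths covered.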
@@ -839,7 +839,7 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
             goto err;
 
         if (!save_senderNonce_if_waiting(ctx, rep, rid))
-            return 0;
+            goto err;
     } else {
         if (req_type < 0)
             return ossl_cmp_exchange_error(ctx, OSSL_CMP_PKISTATUS_rejection,
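Review bot: The `return ossl_cmp_exchange_error(...)` in the else branch still leaves the function directly, so OSSL_CMP_try_certreq() now mixes `goto err` with plain returns. From the visible lines `rep` appears to be populated only in the first branch, so this return presumably has nothing to free, but its declaration and the `err:` label are outside the hunk. A comment like `/* nothing allocated yet on this path, so a direct return does not leak */` would keep a later edit from reintroducing the kind of leak this commit fixes.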
@@ -882,7 +882,7 @@ X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
         goto err;
 
     if (!save_senderNonce_if_waiting(ctx, rep, rid))
-        return 0;
+        goto err;
 
     if (cert_response(ctx, 1 /* sleep */, rid, &rep, NULL, req_type, rep_type)
         <= 0)