apps/cmp_mock_srv: fix resource leak in process_genm()

If pushing the generated rsp ITAV object into the out stack fails,
the error path frees the stack container but permanently abandons
the newly allocated rsp object.

Explicitly free the rsp structure if it exists and was not pushed
successfully to prevent this memory leak.

Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Mon Mar 16 11:16:02 2026
(Merged from https://github.com/openssl/openssl/pull/30374)

(cherry picked from commit b4a964f6c1313d386c45a747820d82a1a5ec4573)

diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 67e8b781ecc5fad217b0c52ccdfde22125963b6f..24c52b30de6a0ea915e43141b54d423932556fef 100644 (file)
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -591,6 +591,7 @@ static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
         if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp))
             return 1;
         sk_OSSL_CMP_ITAV_free(*out);
+        OSSL_CMP_ITAV_free(rsp);
         return 0;
     }