Commit 0d2874b37a for openssl.org

commit 0d2874b37a6b1da258aac81bd647fc02cbdf5547
Author: YZL0v3ZZ <2055877225@qq.com>
Date:   Wed Mar 11 21:48:14 2026 +0800

    Fix resource leak in crls_http_cb()

    When the function fails to push the second CRL to the stack, it
    incorrectly uses sk_X509_CRL_free() instead of sk_X509_CRL_pop_free().
    This destroys the stack container but orphans previously pushed
    X509_CRL objects.

    Replace it with sk_X509_CRL_pop_free passing X509_CRL_free as the
    cleanup routine to ensure deep deallocation of any pushed items.

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    Reviewed-by: Todd Short <todd.short@me.com>
    (Merged from https://github.com/openssl/openssl/pull/30372)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index e8d868f314..8747c03028 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -2677,7 +2677,7 @@ static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx,

 error:
     X509_CRL_free(crl);
-    sk_X509_CRL_free(crls);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
     return NULL;
 }