Commit 3dc9834fb0 for openssl.org

commit 3dc9834fb0da094a0f71d82f404f07d6bcc6a3b4
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date:   Mon Feb 23 05:09:06 2026 +0100

    ssl/ech/ech_internal.c: avoid memory leak in ossl_ech_get_retry_configs()

    Free the temporarily allocated memory before returning on failed size
    overflow check.

    Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1681458
    Fixes: 0bdae603e82f "ossl_ech_get_retry_configs(): Check for integer overflow"
    Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    MergeDate: Wed Feb 25 11:10:43 2026
    (Merged from https://github.com/openssl/openssl/pull/30139)

diff --git a/ssl/ech/ech_internal.c b/ssl/ech/ech_internal.c
index 967b6d403c..68dd1d1fb6 100644
--- a/ssl/ech/ech_internal.c
+++ b/ssl/ech/ech_internal.c
@@ -254,7 +254,7 @@ int ossl_ech_get_retry_configs(SSL_CONNECTION *s, unsigned char **rcfgs,
         ee = sk_OSSL_ECHSTORE_ENTRY_value(es->entries, i);
         if (ee != NULL && ee->for_retry == OSSL_ECH_FOR_RETRY) {
             if (ee->encoded_len > SIZE_MAX - retslen)
-                return 0;
+                goto err;
             tmp = (unsigned char *)OPENSSL_realloc(rets,
                 retslen + ee->encoded_len);
             if (tmp == NULL)