Commit 6f01df42cd for openssl.org
commit 6f01df42cd0fff76dc789e50f5f86addd6103192
Author: huanghuihui0904 <625173@qq.com>
Date: Thu Mar 12 21:01:30 2026 +0800
apps/cmp.c: fix leak of out_trusted in setup_verification_ctx()

setup_verification_ctx() allocates out_trusted via load_trusted() and passes
it to OSSL_CMP_CTX_set_certConf_cb_arg(). Since the argument is not consumed,
it must be freed on failure. The fix is to free out_trusted if
OSSL_CMP_CTX_set_certConf_cb_arg() fails.

Fixes #30377

Signed-off-by: huanghuihui0904 <625173@qq.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Tue Mar 24 17:34:49 2026
(Merged from https://github.com/openssl/openssl/pull/30392)
diff --git a/apps/cmp.c b/apps/cmp.c
index c716c86e58..c28627b216 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1425,7 +1425,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
out_vpm = X509_STORE_get0_param(out_trusted);
X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME);
- (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted);
+ if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) {
+ X509_STORE_free(out_trusted);
+ return 0;
+ }
}
if (opt_disable_confirm)
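Review bot: the new failure branch after OSSL_CMP_CTX_set_certConf_cb_arg() frees out_trusted, but nothing at this call site documents who releases the store on the success path. The commit message states the argument is not consumed, so after a successful call the X509_STORE is still owned by the app while ctx holds a raw pointer to it. A short comment here naming where it is freed at teardown would keep that ownership rule visible and make a later double free or leak easier to spot. The branch also returns 0 without reporting anything. If the other failure paths in setup_verification_ctx() print an error, this one should do the same so a failed setup is diagnosable.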