Commit d286240daa for openssl.org

commit d286240daa3206c0e7d8b49f0dd6b035170fc41e
Author: YZL0v3ZZ <2055877225@qq.com>
Date:   Wed Mar 11 22:16:48 2026 +0800

    Fix memory leak in get_str_from_file()

    If BIO_gets encounters an empty file or read error, the function
    returns NULL without freeing the dynamically allocated heap block (buf).

    Safely clear and free the allocated buffer before returning NULL on
    the error path. Since get_str_from_file() may handle cryptographic
    keys, OPENSSL_clear_free() is used to prevent leaking sensitive data.

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Norbert Pocs <norbertp@openssl.org>
    Reviewed-by: Todd Short <todd.short@me.com>
    (Merged from https://github.com/openssl/openssl/pull/30373)

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 8747c03028..6e8167b7e9 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -3824,6 +3824,7 @@ char *get_str_from_file(const char *filename)
     bio = NULL;
     if (n <= 0) {
         BIO_printf(bio_err, "Error reading from %s\n", filename);
+        OPENSSL_clear_free(buf, MAX_KEY_SIZE);
         return NULL;
     }
     tmp = strchr(buf, '\n');
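
Review bot: The length passed on the added line in the `n <= 0` branch, `OPENSSL_clear_free(buf, MAX_KEY_SIZE);`, has to match the size buf was allocated with, and that allocation is outside this hunk. OPENSSL_clear_free() cleanses the given number of bytes before freeing, so a length larger than the allocation would write past the block; please confirm the allocation uses the same MAX_KEY_SIZE constant, ideally through a single shared size expression so the two cannot drift apart. Since the commit message justifies the cleanse by saying the buffer may hold key material, the success path that continues at `tmp = strchr(buf, '\n');` hands that same buffer to the caller, so it is worth checking that callers release it with OPENSSL_clear_free() rather than a plain free. If more error exits are added to this function later, a single cleanup label would keep the free in one place.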