Commit 8be7309f34 for openssl.org

commit 8be7309f34eecac16b23edfa2ea8de7c52a33b3d
Author: 007bsd <22483432+007bsd@users.noreply.github.com>
Date:   Tue Jun 23 21:42:33 2026 +0300

    crypto/x509/v3_ncons.c: fix scheme buffer leak in nc_uri() for schemeless URIs

    OSSL_parse_url() allocates a 1-byte empty-string buffer for the scheme
    even when the URI has no scheme.  The empty-scheme error branch freed
    uri_copy and jumped to end: which only frees host, leaving scheme
    unfreed.  Add OPENSSL_free(scheme) before the goto.

    Assisted-by: Claude:claude-sonnet-4-6
    CLA: trivial
    Fixes: e599893a9fec "x509: allow SAN URIs to contain userinfo"

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Fri Jun 26 15:26:09 2026
    (Merged from https://github.com/openssl/openssl/pull/31678)

diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c
index 1a9cf61122..8217bedc7b 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.c
@@ -791,6 +791,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
     if (scheme == NULL || *scheme == '\0') {
         ERR_raise_data(ERR_LIB_X509V3, X509_V_ERR_UNSUPPORTED_NAME_SYNTAX,
             "x509: missing scheme in URI: %s\n", uri_copy);
+        OPENSSL_free(scheme);
         OPENSSL_free(uri_copy);
         ret = X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
         goto end;
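Review bot: the new OPENSSL_free(scheme) in the `scheme == NULL || *scheme == '\0'` branch fixes this one exit, but cleanup is still split between the branch and the end: label, which per the commit message frees only host. Consider freeing scheme and uri_copy at end: instead and dropping the per-branch frees, provided both pointers are initialised to NULL before the first goto end. OPENSSL_free() accepts NULL, so the scheme == NULL case stays safe, and a later error branch cannot reintroduce the leak. The visible diff also touches only v3_ncons.c. A regression test that passes a schemeless URI through nc_uri() under a leak checker would keep this path covered.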