Commit df29f02425 for openssl.org

commit df29f024251d44d26632c1c51ef544ce46cb037e
Author: Weidong Wang <kenazcharisma@gmail.com>
Date:   Tue Mar 17 12:23:58 2026 -0500

    Fix SSL_SESSION leak in tls_parse_ctos_psk() on ticket error paths

    Two early 'return 0' statements bypass the err: label cleanup that
    calls SSL_SESSION_free(sess). When tls_decrypt_ticket() allocates an
    SSL_SESSION but the decrypt_ticket_cb returns ABORT, the session is
    leaked. Replace 'return 0' with 'goto err' so the existing cleanup
    handles it.

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Wed May 20 14:38:01 2026
    (Merged from https://github.com/openssl/openssl/pull/30464)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index de09706ab6..0460cd79e7 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -1461,13 +1461,13 @@ int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,

             if (ret == SSL_TICKET_EMPTY) {
                 SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
-                return 0;
+                goto err;
             }

             if (ret == SSL_TICKET_FATAL_ERR_MALLOC
                 || ret == SSL_TICKET_FATAL_ERR_OTHER) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-                return 0;
+                goto err;
             }
             if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT)
                 continue;
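Review bot: The two new `goto err` sites (the `SSL_TICKET_EMPTY` branch and the `SSL_TICKET_FATAL_ERR_MALLOC`/`SSL_TICKET_FATAL_ERR_OTHER` branch) have no comment saying why a direct return is wrong there, so a later tidy-up could reintroduce the leak. I would add above the first one `/* sess may already be allocated by tls_decrypt_ticket(); free it via err */`. The `continue` taken for `SSL_TICKET_NONE`/`SSL_TICKET_NO_DECRYPT` just below also skips that cleanup, and the hunk does not show whether `sess` is guaranteed to be NULL for those results. That is worth confirming, because this path is driven by client-supplied tickets and a per-handshake leak is a memory-exhaustion risk for a server. The `err:` label and the rest of `tls_parse_ctos_psk` are outside the hunk, so this assumes the cleanup behaves as the commit message describes.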