Commit f4079c804f for openssl.org

commit f4079c804ffaf363c8723c2589308e43888df820
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Wed Apr 8 11:55:24 2026 +0200

    Fix memory leak in ossl_uint_set_insert()

    There is a missing call to OPENSSL_free() in the branch
    where existing sets are merged to new range. There is
    no evidence/POC OpenSSL poject is aware of the leak can
    be triggered by QUIC protocol operation.

    The issue has been kindly reported by Abhinav Agarwal (@abhinavagarwal07)

    Fixes: c5ca718003e6 "uint_set: convert uint_set to use the list data type"

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    MergeDate: Wed Apr 15 11:28:41 2026
    (Merged from https://github.com/openssl/openssl/pull/30718)

diff --git a/ssl/quic/uint_set.c b/ssl/quic/uint_set.c
index 81d823e19b..b01110a58e 100644
--- a/ssl/quic/uint_set.c
+++ b/ssl/quic/uint_set.c
@@ -174,6 +174,7 @@ int ossl_uint_set_insert(UINT_SET *s, const UINT_RANGE *range)
         for (x = ossl_list_uint_set_next(x); x != NULL; x = xnext) {
             xnext = ossl_list_uint_set_next(x);
             ossl_list_uint_set_remove(s, x);
+            OPENSSL_free(x);
         }
         return 1;
     }