Fix a potential memory leak in apps/s_server.c

Allocate memory for a new SSL session.
If any of these steps fail,
free the key memory and the tmpsess object
before returning 0 to prevent a memory leak.

Fixes: #20110
CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20213)

(cherry picked from commit 8e2552b1eac4957214fed55457f64d7d5164ca37)

diff --git a/apps/s_server.c b/apps/s_server.c
index 8a5ac4c14dc29ea53f7226950de4dd7959da6603..5fa98cd358b6b5d9f64108c078aab892a7be94f9 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -228,6 +228,7 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
             || !SSL_SESSION_set_cipher(tmpsess, cipher)
             || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
         OPENSSL_free(key);
+        SSL_SESSION_free(tmpsess);
         return 0;
     }
     OPENSSL_free(key);