From 77c04f3eb12a560eb61252c817e4147bc0178e43 Mon Sep 17 00:00:00 2001
From: Enji Cooper <ngie@FreeBSD.org>
Date: Tue, 4 Jun 2024 13:01:55 -0700
Subject: [PATCH] radlib: fix a memory leak in `is_valid_request`

Call `HMAC_CTX_free` if returning early from `is_valid_request` when
processing `Message-Authenticator` tags.

Reported by:	Coverity
MFC after:	1 week
Fixes: 8d5c7813061d ("libradius: Fix input validation bugs")
Differential Revision:	https://reviews.freebsd.org/D45488
---
 lib/libradius/radlib.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/libradius/radlib.c b/lib/libradius/radlib.c
index c7d18227021e..f45eb923774b 100644
--- a/lib/libradius/radlib.c
+++ b/lib/libradius/radlib.c
@@ -320,8 +320,10 @@ is_valid_request(struct rad_handle *h)
 	hctx = HMAC_CTX_new();
 	while (pos < len - 2) {
 		alen = h->in[pos + 1];
-		if (alen < 2)
+		if (alen < 2) {
+			HMAC_CTX_free(hctx);
 			return (0);
+		}
 		if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
 			if (len - pos < MD5_DIGEST_LENGTH + 2) {
 				HMAC_CTX_free(hctx);