There is a memory leak defect in line 3315 of the file /openssl/apps/cmp.c.

[LuMingYinDetect]

1.On line 3304 of the file /openssl/apps/cmp.c, a pointer variable named req is defined. This pointer variable is allocated a block of dynamic memory through the function OSSL_CMP_ITAV_create on line 3311. When the first condition in the if statement on line 3312 evaluates to false (indicating that the dynamic memory allocation for req was successful) and the second condition evaluates to true, the program will return on line 3315. During this process, the dynamic memory area pointed to by req is neither used nor released, thus constituting a memory leak defect. See the illustration below:
https://github.com/LuMingYinDetect/openssl_defects/blob/main/openssl_17.png

2.The function OSSL_CMP_ITAV_create mentioned above is responsible for allocating a new block of dynamic memory and returning it. Specifically, in OSSL_CMP_ITAV_create, a pointer variable named itav is defined on line 162. This variable is allocated a block of dynamic memory through the function OSSL_CMP_ITAV_new on line 164 and returned on line 167. See the illustration below:
https://github.com/LuMingYinDetect/openssl_defects/blob/main/openssl_18.png