If the ret is not null, it needs to be released before return

Change-Id: Idcf0fdcc88af509958e56052c1925f3f695bc3e3
Signed-off-by: wangjiale3 <wangjiale3@xiaomi.corp-partner.google.com>
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/58487
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>

crypto/trust_token/pmbtoken.c

diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.c
index 2e25cf5..0e3d4bc 100644
--- a/crypto/trust_token/pmbtoken.c
+++ b/crypto/trust_token/pmbtoken.c
@@ -944,17 +944,14 @@
     return NULL;
   }
 
-  int ok = 0;
-  STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
-  if (ret == NULL) {
-    return NULL;
-  }
-
   if (count > ((size_t)-1) / sizeof(EC_RAW_POINT) ||
       count > ((size_t)-1) / sizeof(EC_SCALAR)) {
     OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW);
-    return 0;
+    return NULL;
   }
+
+  int ok = 0;
+  STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
   EC_RAW_POINT *Tps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
   EC_RAW_POINT *Sps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
   EC_RAW_POINT *Wps = OPENSSL_malloc(count * sizeof(EC_RAW_POINT));
@@ -962,11 +959,12 @@
   EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR));
   CBB batch_cbb;
   CBB_zero(&batch_cbb);
-  if (!Tps ||
-      !Sps ||
-      !Wps ||
-      !Wsps ||
-      !es ||
+  if (ret == NULL ||
+      Tps == NULL ||
+      Sps == NULL ||
+      Wps == NULL ||
+      Wsps == NULL ||
+      es == NULL ||
       !CBB_init(&batch_cbb, 0) ||
       !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
       !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||