Memory leak in handle__subscribe

[zyingp]

1. The Leak Position
   There is a leak in the handle__subscribe method line 122 in src/handle_subscribe.c (I test on the version 1.6.10, the the same codes appear in the master branch as well):

    	}else{
    		qos = subscription_options & 0x03;
    		subscription_options &= 0xFC;
   
    		retain_handling = (subscription_options & 0x30);
    		if(retain_handling == 0x30 || (subscription_options & 0xC0) != 0){
    			return MOSQ_ERR_PROTOCOL;    // ** Leak here !!!!!!!**
    		}
    	}
   

2. Possible Fix ?
   I guess the below two lines should be added before the return.

    		mosquitto__free(sub);
    		mosquitto__free(payload);
   

This is also what other return clauses do.

3. Steps to Reproduce
   (1) Build mosquito with ASan enabled. For example:
   $ CFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-g -O0 -fsanitize=address -fno-omit-frame-pointer" make WITH_TLS=no WITH_STATIC_LIBRARIES=yes
   (2) Run the server in one Terminal
   $ ./src/mosquitto
   (3) Download the sample network input from https://github.com/zyingp/temp/raw/master/mosquito/sub_leak In another Terminal, browse to the folder has sub_leak, run
   $ nc 127.0.0.1 1883 < ./sub_leak
   (4) Hit Ctrl + C in the first Terminal, you should see below output:

$ ./src/mosquitto
1596713851: mosquitto version 1.6.10 starting
1596713851: Using default config.
1596713851: Opening ipv4 listen socket on port 1883.
1596713851: Opening ipv6 listen socket on port 1883.
1596713857: New connection from 127.0.0.1 on port 1883.
1596713857: New client connected from 127.0.0.1 as mosq-zCRdbl4uh2QwXYz6GV (p5, c1, k60).
1596713857: No will message specified.
1596713857: Sending CONNACK to mosq-zCRdbl4uh2QwXYz6GV (0, 0)
1596713857: Received SUBSCRIBE from mosq-zCRdbl4uh2QwXYz6GV
1596713857: Client mosq-zCRdbl4uh2QwXYz6GV disconnected due to protocol error.
^C1596713861: mosquitto version 1.6.10 terminating

=================================================================
==8412==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 9 byte(s) in 1 object(s) allocated from:
#0 0x4dad50 in malloc (/mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/mosquitto+0x4dad50)
#1 0x565103 in mosquitto__malloc /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/memory_mosq.c:91:8
#2 0x56b6da in packet__read_binary /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_datatypes.c:108:10
#3 0x56bcea in packet__read_string /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_datatypes.c:126:7
#4 0x5599d9 in handle__subscribe /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/handle_subscribe.c:83:6
#5 0x5903e6 in handle__packet /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/read_handle.c:57:11
#6 0x5703a8 in packet__read /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/../lib/packet_mosq.c:486:7
#7 0x562f2f in loop_handle_reads_writes /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/loop.c:830:10
#8 0x562f2f in mosquitto_main_loop /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/loop.c:513
#9 0x515218 in main /mnt/d/zyp/fuzzer/fuzzed_projects/mqtt-mosquitto/mosquitto-1.6.10/src/mosquitto.c:372:7
#10 0x7f826d621b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: 9 byte(s) leaked in 1 allocation(s).

FYI: We found the leak by fuzzing.