[alts] Fix memory leak in `atls_frame_protector.cc::alts_create_frame_protector()` (#37737)

Fix https://github.com/grpc/grpc/issues/37727.

A better idea might be to set up Fuzzing for these APIs to find those sort of things. Maybe that can be a next step if we want to further hardening things.

<!--

If you know who should review your pull request, please assign it to that
person, otherwise the pull request would get assigned randomly.

If your pull request is for a specific language, please add the appropriate
lang label.

-->

Closes #37737

COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/37737 from yijiem:memory-leak-alts-2 6be8a49e63
PiperOrigin-RevId: 677880955

src/core/tsi/alts/frame_protector/alts_frame_protector.cc

@@ -380,6 +380,7 @@ tsi_result alts_create_frame_protector(const uint8_t* key, size_t key_size,
   if (status != GRPC_STATUS_OK) {
     LOG(ERROR) << "Failed to create ALTS crypters, " << error_details;
     gpr_free(error_details);
+    gpr_free(impl);
     return TSI_INTERNAL_ERROR;
   }
   ///

test/core/tsi/alts/frame_protector/alts_frame_protector_test.cc

@@ -402,6 +402,19 @@ TEST(AltsFrameProtectorTest, MainTest) {
   alts_test_do_round_trip_all(/*rekey=*/true);
 }
 
+TEST(AltsFrameProtectorTest, MemoryLeakTest) {
+  tsi_frame_protector* client_frame_protector = nullptr;
+  // Create a key with a wrong key length (off-by-one).
+  uint8_t* key = nullptr;
+  size_t key_length = kAes128GcmKeyLength - 1;
+  gsec_test_random_array(&key, key_length);
+  EXPECT_EQ(alts_create_frame_protector(key, key_length, /*is_client=*/true,
+                                        /*is_rekey=*/false, nullptr,
+                                        &client_frame_protector),
+            TSI_INTERNAL_ERROR);
+  gpr_free(key);
+}
+
 int main(int argc, char** argv) {
   ::testing::InitGoogleTest(&argc, argv);
   return RUN_ALL_TESTS();