From 5ee289eaf6fa747e6b63b989c7a79ff1c9c95db3 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 25 Jan 2017 14:45:12 +0000 Subject: [PATCH] Fix memory leaks in the Certificate extensions code After collecting extensions we must free them again. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2284) --- ssl/statem/statem_clnt.c | 5 ++++- ssl/statem/statem_srvr.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 80ae480b12..6599d432e6 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1425,8 +1425,11 @@ MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt) if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE, &rawexts, &al) || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, &al)) + rawexts, x, chainidx, &al)) { + OPENSSL_free(rawexts); goto f_err; + } + OPENSSL_free(rawexts); } if (!sk_X509_push(sk, x)) { diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 4d6afd6bc5..3bde0d6b4a 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3061,8 +3061,11 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) if (!tls_collect_extensions(s, &extensions, EXT_TLS1_3_CERTIFICATE, &rawexts, &al) || !tls_parse_all_extensions(s, EXT_TLS1_3_CERTIFICATE, - rawexts, x, chainidx, &al)) + rawexts, x, chainidx, &al)) { + OPENSSL_free(rawexts); goto f_err; + } + OPENSSL_free(rawexts); } if (!sk_X509_push(sk, x)) {