From 1cb437bedb06b7d6518792a2f8e62041b6e6c88b Mon Sep 17 00:00:00 2001
From: Rob Percival
Date: Mon, 7 Mar 2016 17:23:39 +0000
Subject: [PATCH] CT code now calls X509_free() after calling SSL_get_peer_certificate()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without this, the peer certificate would never be deleted, resulting in a memory leak.
Reviewed-by: Emilia Käsper
Reviewed-by: Rich Salz
---
 ssl/ssl_lib.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 40c4171dec..65558e0174 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3941,6 +3941,7 @@ static int ct_extract_x509v3_extension_scts(SSL *s)
 ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
 SCT_LIST_free(scts);
+ X509_free(cert);
 }
 return scts_extracted;
@@ -4071,6 +4072,7 @@ int SSL_validate_ct(SSL *s)
 end:
 CT_POLICY_EVAL_CTX_free(ctx);
+ X509_free(cert);
 return ret;
 }
-- GitLab
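Review bot: The `X509_free(cert);` added in ct_extract_x509v3_extension_scts() has no comment saying why the result of a getter must be released, so the ownership rule that caused this leak stays invisible at the call site. A one-line comment above the call would record it, for example `/* SSL_get_peer_certificate() returns a reference the caller owns */`. The function starts outside the hunk, so where `cert` is assigned cannot be seen here. The free sits inside the block that closes on the next line, which is correct only if `cert` cannot be non-NULL on a path that skips that block.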
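Review bot: In SSL_validate_ct() the added `X509_free(cert);` runs only on paths that reach the `end:` label, so any `return` taken after `cert` is obtained but before a `goto end` would still leak the reference. The top of the function is outside this hunk, so whether such early exits exist cannot be confirmed from here. If they do, each should become `goto end;` with `ret` set first, or the SSL_get_peer_certificate() call should move below them. If this function runs once per connection, a remaining leak could be triggered repeatedly by a remote peer, so every exit path is worth checking.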