In acme_gen_tmp_x509(), if X509_set_issuer_name() fails, the code
jumped to the mkcert_error label without freeing the previously
allocated X509_NAME object. The other error paths after X509_NAME_new()
(X509_NAME_add_entry_by_txt and X509_set_subject_name) already properly
freed the name before jumping to mkcert_error, but this one was missed.
Fix this by freeing name before the goto, consistent with the other
error paths in the same function.
---
src/acme.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/acme.c b/src/acme.c
index b8ad8df67..f14759747 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2681,8 +2681,10 @@ X509 *acme_gen_tmp_x509()
goto mkcert_error;
}
/* Set issuer name as itself */
- if (X509_set_issuer_name(newcrt, name) != 1)
+ if (X509_set_issuer_name(newcrt, name) != 1) {
+ X509_NAME_free(name);
goto mkcert_error;
+ }
X509_NAME_free(name);
/* Autosign the certificate with the private key */
--
2.51.0
