Thank you David, I just merged it!
On Wed, Feb 18, 2026 at 09:55:00PM +0000, David Carlier wrote:
> Subject: [PATCH] BUG/MINOR: acme: fix X509_NAME leak when
> X509_set_issuer_name() fails
> In acme_gen_tmp_x509(), if X509_set_issuer_name() fails, the code
> jumped to the mkcert_error label without freeing the previously
> allocated X509_NAME object. The other error paths after X509_NAME_new()
> (X509_NAME_add_entry_by_txt and X509_set_subject_name) already properly
> freed the name before jumping to mkcert_error, but this one was missed.
>
> Fix this by freeing name before the goto, consistent with the other
> error paths in the same function.
> ---
> src/acme.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/acme.c b/src/acme.c
> index b8ad8df67..f14759747 100644
> --- a/src/acme.c
> +++ b/src/acme.c
> @@ -2681,8 +2681,10 @@ X509 *acme_gen_tmp_x509()
> goto mkcert_error;
> }
> /* Set issuer name as itself */
> - if (X509_set_issuer_name(newcrt, name) != 1)
> + if (X509_set_issuer_name(newcrt, name) != 1) {
> + X509_NAME_free(name);
> goto mkcert_error;
> + }
> X509_NAME_free(name);
>
> /* Autosign the certificate with the private key */
> --
> 2.51.0
>
>
>
--
William Lallemand
