On Fri, Mar 20, 2026 at 04:39:28PM +0000, David Carlier wrote:
> Subject: [PATCH] BUG/MEDIUM: acme: fix multiple resource leaks in acme_x509_req()
> 
> Several resources were leaked on both success and error paths:
> 
> - X509_NAME *nm was never freed. X509_REQ_set_subject_name() makes
>   an internal copy, so nm must be freed separately by the caller.
> - str_san allocated via my_strndup() was never freed on either path.
> - On error paths after allocation, x (X509_REQ) and exts
>   (STACK_OF(X509_EXTENSION)) were also leaked.
> 
> Fix this by adding proper cleanup of all allocated resources in both
> the success and error paths. Also move sk_X509_EXTENSION_pop_free()
> after X509_REQ_sign() so it is not skipped when sign fails, and
> initialize nm to NULL to make early error paths safe.
> 
> Must be backported as far as 3.3.

Thank you David, merged in master.

-- 
William Lallemand
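
The cleanup shape the commit message describes, as an added example that is not part of the patch or of HAProxy's code: every pointer starts NULL, every failure jumps to one exit, and the temporaries are freed there on success and on error. `obj_new()`, `obj_free()`, `step()` and `build_req()` are hypothetical stand-ins that only count allocations (no OpenSSL call is made), so each failure point can be forced and checked for leaks.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the OpenSSL objects; no real OpenSSL call is made. */
static int live;     /* objects currently allocated */
static int calls;    /* fallible calls made so far */
static int fail_at;  /* 1-based index of the call forced to fail, 0 = none */

static void *obj_new(void) {           /* models any allocating call */
    if (++calls == fail_at) return NULL;
    live++;
    return malloc(1);
}
/* NULL-safe free, so the cleanup block needs no guards */
static void obj_free(void *p) { if (p) { live--; free(p); } }
/* models a fallible call that allocates nothing the caller owns */
static int step(void) { return ++calls != fail_at; }

/* Returns the request (caller frees it) or NULL; temporaries never escape. */
void *build_req(void) {
    void *x = NULL, *nm = NULL, *str_san = NULL, *exts = NULL, *ret = NULL;

    if (!(x = obj_new())) goto out;        /* the request */
    if (!(nm = obj_new())) goto out;       /* the subject name */
    if (!step()) goto out;                 /* set subject: x copies nm, nm stays ours */
    if (!(str_san = obj_new())) goto out;  /* the SAN string */
    if (!(exts = obj_new())) goto out;     /* the extension stack */
    if (!step()) goto out;                 /* sign: last call that can fail */
    ret = x;
    x = NULL;                              /* ownership moves to the caller */
out:
    obj_free(exts);                        /* runs whether or not sign succeeded */
    obj_free(str_san);
    obj_free(nm);
    obj_free(x);                           /* non-NULL only on error paths */
    return ret;
}

/* Force each of the 6 fallible calls to fail in turn (0 = none); count leaks. */
int leaks_over_all_failures(void) {
    int leaked = 0;
    for (fail_at = 0; fail_at <= 6; fail_at++) {
        live = calls = 0;
        obj_free(build_req());
        leaked += live;
    }
    return leaked;
}

int main(void) { return leaks_over_all_failures(); }
```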

