CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2023/08/29 18:49:32
Modified files: lib/libcrypto/x509: x509_alt.c Log message: Fix leaks in copy_issuer() The stack of subject alternative names from the issuer is parsed using X509V3_EXT_d2i(), so it must be freed with sk_GENERAL_NAME_pop_free(). It's not worth doing complicated ownership handling when the individual alternative names can be copied with GENERAL_NAME_dup(). Previously, ialt and its remaining members would be leaked when the call to sk_GENERAL_NAME_push() failed halfway through. This is only reachable via the issuer:copy x509v3.cnf(5) directive. ok jsing