OpenSSL: Fix memory leak in TOD policy validation

Returned policies from X509_get_ext_d2i() need to be freed.

Fixes: 21f1a1e66c39 ("Report TOD policy")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a4a647eee0f00f01af22cc1e935ad1b5b5a47d65..a6a4ce4b912b4123e73b3cf97c74ddd7a91f6ce3 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2190,6 +2190,7 @@ static int openssl_cert_tod(X509 *cert)
                else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
                        tod = 2; /* TOD-TOFU */
        }
+       sk_POLICYINFO_pop_free(ext, POLICYINFO_free);
 
        return tod;
 }