Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE

Fixes #18677

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18698)

(cherry picked from commit 4798e0680b112993815098ca21d7d68ff31ebc6e)

diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 97c1cbc20fed14c272bda9a3b99f8e20976e2216..d7e7c9a5cbabed58eacaa41ec0c91f8a1a123889 100644 (file)
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -242,8 +242,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         }
         /* If delete, just delete it */
         if (ext_op == X509V3_ADD_DELETE) {
-            if (!sk_X509_EXTENSION_delete(*x, extidx))
+            extmp = sk_X509_EXTENSION_delete(*x, extidx);
+            if (extmp == NULL)
                 return -1;
+            X509_EXTENSION_free(extmp);
             return 1;
         }
     } else {