From: Jouni Malinen <jouni@codeaurora.org>
Date: Wed, 8 May 2019 18:08:53 +0000 (+0300)
Subject: OpenSSL: Fix a memory leak in OCSP handling
X-Git-Tag: hostap_2_9~282
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3b39e62c2ded588943190c941084e4a08701bdf;p=thirdparty%2Fhostap.git

OpenSSL: Fix a memory leak in OCSP handling

If OCSP_resp_find_status() fails with the first OCSP_CERTID, the
generation of the second OCSP_CERTID ended up leaking memory. Fix this
by freeing the previously allocated OCSP_CERTID on that code path.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index e5a025996..bf2407421 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -4666,6 +4666,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 	res = OCSP_resp_find_status(basic, id, &status, &reason, &produced_at,
 				    &this_update, &next_update);
 	if (!res) {
+		OCSP_CERTID_free(id);
 		id = OCSP_cert_to_id(NULL, conn->peer_cert, conn->peer_issuer);
 		if (!id) {
 			wpa_printf(MSG_DEBUG,