From 194a67600e6581c94e72565d4aa00b7e7e3b5131 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Wed, 18 Feb 2026 21:55:00 +0000 Subject: [PATCH] BUG/MINOR: acme: fix X509_NAME leak when X509_set_issuer_name() fails In acme_gen_tmp_x509(), if X509_set_issuer_name() fails, the code jumped to the mkcert_error label without freeing the previously allocated X509_NAME object. The other error paths after X509_NAME_new() (X509_NAME_add_entry_by_txt and X509_set_subject_name) already properly freed the name before jumping to mkcert_error, but this one was missed. Fix this by freeing name before the goto, consistent with the other error paths in the same function. Must be backported as far as 3.3. --- src/acme.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/acme.c b/src/acme.c index b8ad8df67..f14759747 100644 --- a/src/acme.c +++ b/src/acme.c @@ -2681,8 +2681,10 @@ X509 *acme_gen_tmp_x509() goto mkcert_error; } /* Set issuer name as itself */ - if (X509_set_issuer_name(newcrt, name) != 1) + if (X509_set_issuer_name(newcrt, name) != 1) { + X509_NAME_free(name); goto mkcert_error; + } X509_NAME_free(name); /* Autosign the certificate with the private key */ -- 2.47.3
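Review bot: In the X509_set_issuer_name() failure branch, the added X509_NAME_free(name) is, per the commit message, one more error path that has to remember to free name by hand before goto mkcert_error, and that per-branch pattern is how this leak was missed. Consider initialising name to NULL, doing a single X509_NAME_free(name) under the mkcert_error label, and setting name = NULL after the success-path X509_NAME_free(name) that follows this branch, so an error path added later between X509_NAME_new() and that free cannot leak. The change as written matches the success path, which frees name right after the call. It is correct provided mkcert_error does not itself free name, which the commit message implies since the other paths free before jumping, but that label is outside the visible context and is worth confirming before the backport to 3.3.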