From 8b3b74a04d89350f4cca54a80d15a759c5df5097 Mon Sep 17 00:00:00 2001
From: Ivo Manca <pinkel@gmail.com>
Date: Tue, 31 May 2016 13:42:33 +0200
Subject: [PATCH] Plug memory leak in mbedTLS backend

Signed-off-by: Ivo Manca <pinkel@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1464694953-3681-1-git-send-email-pinkel@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11752
Signed-off-by: David Sommerseth <dazo@privateinternetaccess.com>
---
 src/openvpn/ssl_verify_polarssl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/ssl_verify_polarssl.c b/src/openvpn/ssl_verify_polarssl.c
index 7ed87d6c4..cc46b758c 100644
--- a/src/openvpn/ssl_verify_polarssl.c
+++ b/src/openvpn/ssl_verify_polarssl.c
@@ -137,7 +137,7 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
   if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len)))
     {
       msg(M_WARN, "Failed to retrieve serial from certificate.");
-      return NULL;
+      goto end;
     }
 
   /* Determine decimal representation length, allocate buffer */
@@ -148,9 +148,12 @@ backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
   if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen)))
     {
       msg(M_WARN, "Failed to write serial to string.");
-      return NULL;
+      buf = NULL;
+      goto end;
     }
 
+end:
+  mpi_free(&serial_mpi);
   return buf;
 }
 
-- 
2.47.2