From 5e8cd0a4f48f06df2542e7c74dcbb4310bce7c4c Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Thu, 10 Sep 2020 18:45:39 +1000
Subject: [PATCH] Fix coverity issue: CID 1466479 - Resource leak in
 apps/pkcs12.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12847)
---
 apps/pkcs12.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index f5bb18a8db4..23ffa98f773 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -541,13 +541,15 @@ int pkcs12_main(int argc, char **argv)
             X509_STORE_free(store);
 
             if (vret == X509_V_OK) {
+                int add_certs;
                 /* Remove from chain2 the first (end entity) certificate */
                 X509_free(sk_X509_shift(chain2));
                 /* Add the remaining certs (except for duplicates) */
-                if (!X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
-                                    | X509_ADD_FLAG_NO_DUP))
-                    goto export_end;
+                add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF
+                                           | X509_ADD_FLAG_NO_DUP);
                 sk_X509_pop_free(chain2, X509_free);
+                if (!add_certs)
+                    goto export_end;
             } else {
                 if (vret != X509_V_ERR_UNSPECIFIED)
                     BIO_printf(bio_err, "Error getting chain: %s\n",
-- 
2.47.3