Correctly fix double free introduced on review.

the roots for a ctx are only freed in the free function, not in the clear function, so that a ctx can be re-used with the same roots. ok tb@
author: beck <beck@openbsd.org> 2020-09-14 08:06:09 +0000
committer: beck <beck@openbsd.org> 2020-09-14 08:06:09 +0000
commit: f61643f32366a1ea3ad5552b88ef629766e76329 (patch)
tree: 62c7f8cbfffa9f1d40c8fc33755f881ed77adb71 /lib/libcrypto/x509/x509_vfy.c
parent: No need to check for NULL before calling free. (diff)
download: wireguard-openbsd-f61643f32366a1ea3ad5552b88ef629766e76329.tar.xz
wireguard-openbsd-f61643f32366a1ea3ad5552b88ef629766e76329.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index f076a1dc5c9..a66ef76e6bc 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.76 2020/09/14 07:46:01 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.77 2020/09/14 08:06:09 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -682,6 +682,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
 		chain_count = x509_verify(vctx, NULL, NULL);
 	}
 
+	sk_X509_pop_free(roots, X509_free);
 	x509_verify_ctx_free(vctx);
 
 	/* if we succeed we have a chain in ctx->chain */
author	beck <beck@openbsd.org>	2020-09-14 08:06:09 +0000
committer	beck <beck@openbsd.org>	2020-09-14 08:06:09 +0000
commit	f61643f32366a1ea3ad5552b88ef629766e76329 (patch)
tree	62c7f8cbfffa9f1d40c8fc33755f881ed77adb71 /lib/libcrypto/x509/x509_vfy.c
parent	No need to check for NULL before calling free. (diff)
download	wireguard-openbsd-f61643f32366a1ea3ad5552b88ef629766e76329.tar.xz wireguard-openbsd-f61643f32366a1ea3ad5552b88ef629766e76329.zip