BUG/MINOR: ssl: double free on error for ckch->{key,cert}
On last error in ssl_sock_load_pem_into_ckch, key/cert are released
and ckch->{key,cert} are released in ssl_sock_free_cert_key_and_chain_contents.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c6878e4..770216d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3097,7 +3097,7 @@
{
BIO *in = NULL;
int ret = 1;
- X509 *ca = NULL;
+ X509 *ca;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
DH *dh;
@@ -3172,10 +3172,12 @@
if (ckch->key) /* free the previous key */
EVP_PKEY_free(ckch->key);
ckch->key = key;
+ key = NULL;
if (ckch->cert) /* free the previous cert */
X509_free(ckch->cert);
ckch->cert = cert;
+ cert = NULL;
/* Look for a Certificate Chain */
ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
@@ -3215,12 +3217,10 @@
ERR_clear_error();
if (in)
BIO_free(in);
- if (ret != 0) {
- if (key)
- EVP_PKEY_free(key);
- if (cert)
- X509_free(cert);
- }
+ if (key)
+ EVP_PKEY_free(key);
+ if (cert)
+ X509_free(cert);
return ret;
}