Don't leak X509_OBJECT in an error path

Swap the ordering of some code to avoid a leak in an error path. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-04-26 18:25:39 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-01 14:51:36 +0100
commit: 0461b7ea7bd1112c4fa357545fc8a456138ed3af (patch)
tree: 033772062d7ea2e30e18e1a44edb1e2f6099403e /apps/s_server.c
parent: 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c30fd..c998fcdebc 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
         BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
         goto done;
     }
-    req = OCSP_REQUEST_new();
-    if (req == NULL)
-        goto err;
     id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
     X509_OBJECT_free(obj);
     if (!id)
         goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
     if (!OCSP_request_add0_id(req, id))
         goto err;
     id = NULL;
author	Matt Caswell <matt@openssl.org>	2016-04-26 18:25:39 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-01 14:51:36 +0100
commit	0461b7ea7bd1112c4fa357545fc8a456138ed3af (patch)
tree	033772062d7ea2e30e18e1a44edb1e2f6099403e /apps/s_server.c
parent	6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 (diff)