From 6eb311eea6fca45495b3a48c396f5aa8e8f7e714 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Apr 2016 16:41:43 +0100
Subject: Don't leak memory from notice_section function on error path

The notice_section() function allocates a STACK_OF(CONF_VALUE) but
then fails to free it on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/x509v3/v3_cpols.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'crypto/x509v3')

diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index fe722b14a7..81d0d996a9 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -295,6 +295,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
             if (!nos || !sk_CONF_VALUE_num(nos)) {
                 X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
                 X509V3_conf_err(cnf);
+                sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
                 goto err;
             }
             ret = nref_nos(nref->noticenos, nos);
-- 
cgit v1.2.3