Plug a long standing leak in libtls CRL handling

X509_STORE_add_crl() does not take ownership of the CRL, it bumps its refcount. So nulling out the CRL from the stack will leak it. Issue reported by KS Sreeram, thanks! ok jsing
libressl · Feb 8, 2022 · 388f2ae · 388f2ae
1 parent 064659c
commit 388f2ae
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.92 2021/10/21 14:31:21 tb Exp $ */
+/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <[email protected]>
  *
@@ -647,7 +647,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 				tls_set_error(ctx, "failed to add crl");
 				goto err;
 			}
-			xi->crl = NULL;
 		}
 		X509_STORE_set_flags(store,
 		    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);