Avoid memleak caused by shadowing

The outer scope in x509_constraints_extract_names() contains a vname
variable which will be freed on error, but an inner scope contains
another vname that won't be freed, e.g., if x509_constraints_names_add
fails.

Found by llvm scan-build.

ok beck

1 files changed, 5 insertions, 2 deletions

diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 34795c0796..f50a55c6ac 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.7 2020/09/20 18:32:33 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.8 2020/09/20 19:13:06 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -769,9 +769,12 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
         }
         subject_name = X509_get_subject_name(cert);
         if (X509_NAME_entry_count(subject_name) > 0) {
-                struct x509_constraints_name *vname = NULL;
                 X509_NAME_ENTRY *email;
                 X509_NAME_ENTRY *cn;
+
+                x509_constraints_name_free(vname);
+                vname = NULL;
+
                 /*
                  * This cert has a non-empty subject, so we must add
                  * the subject as a dirname to be compared against