Plug leak in x509_verify_chain_dup()

x509_verify_chain_new() allocates a few members of a certificate chain:
an empty stack of certificates, a list of errors encountered while
validating the chain, and a list of name constraints.  The function to
copy a chain would allocate a new chain using x509_verify_chain_new()
and then clobber its members by copies of the old chain.  Fix this by
replacing x509_verify_chain_new() with calloc().

Found by review while investigating the report by Hanno Zysik who
found the same leak using valgrind. This is a cleaner version of
my initial fix from jsing.

ok jsing

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 76cc70a204..59a8a1e5b6 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.23 2020/11/18 17:13:55 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.24 2020/11/18 17:54:46 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -86,7 +86,7 @@ x509_verify_chain_dup(struct x509_verify_chain *chain)
 {
         struct x509_verify_chain *new_chain;
 
-        if ((new_chain = x509_verify_chain_new()) == NULL)
+        if ((new_chain = calloc(1, sizeof(*chain))) == NULL)
                 goto err;
         if ((new_chain->certs = X509_chain_up_ref(chain->certs)) == NULL)
                 goto err;