Don't leak internal->verfied_chain, clean it up in ssl3_clear and free.

spotted by and ok jsing@

1 files changed, 4 insertions, 1 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e78b70f0d8..8a96a2cdef 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.215 2021/09/08 12:56:14 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.216 2021/10/24 09:15:00 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1574,6 +1574,7 @@ ssl3_free(SSL *s)
         tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
 
         sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+        sk_X509_pop_free(s->internal->verified_chain, X509_free);
 
         tls1_transcript_free(s);
         tls1_transcript_hash_free(s);
@@ -1595,6 +1596,8 @@ ssl3_clear(SSL *s)
 
         tls1_cleanup_key_block(s);
         sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+        sk_X509_pop_free(s->internal->verified_chain, X509_free);
+        s->internal->verified_chain = NULL;
 
         DH_free(S3I(s)->tmp.dh);
         S3I(s)->tmp.dh = NULL;