From bbbce94f43affd45f1dfd72c669cb061c1cc01e5 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 20 Sep 2020 19:13:06 +0000
Subject: Avoid memleak caused by shadowing
The outer scope in x509_constraints_extract_names() contains a vname variable which will be freed on error, but an inner scope contains another vname that won't be freed, e.g., if x509_constraints_names_add fails. Found by llvm scan-build. ok beck
---
src/lib/libcrypto/x509/x509_constraints.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 34795c0796..f50a55c6ac 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.7 2020/09/20 18:32:33 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.8 2020/09/20 19:13:06 tb Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck
 *
@@ -769,9 +769,12 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
 }
 subject_name = X509_get_subject_name(cert);
 if (X509_NAME_entry_count(subject_name) > 0) {
- struct x509_constraints_name *vname = NULL;
 X509_NAME_ENTRY *email;
 X509_NAME_ENTRY *cn;
+
+ x509_constraints_name_free(vname);
+ vname = NULL;
+
 /*
 * This cert has a non-empty subject, so we must add
 * the subject as a dirname to be compared against
--
cgit v1.2.3-55-g6feb
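Review bot: The added `x509_constraints_name_free(vname); vname = NULL;` at the top of the `X509_NAME_entry_count(subject_name) > 0` block in the second hunk carries no comment stating the ownership rule it now depends on. With the inner declaration removed, every `vname` assigned in this block is the function-scope pointer that, per the commit message, is freed on error. A short comment such as `/* vname is ours until x509_constraints_names_add() succeeds; set it to NULL right after, the error path frees it */` would make that explicit. The rest of the block and the code before it lie outside this hunk, so it is worth confirming that each successful add is followed by `vname = NULL` before any later failure exit. If `names` keeps the pointer after a successful add (presumably it does), a missed reset would turn the fixed leak into a double free.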