From 652dcc4768178318a02265fe5fe2c2c80a9b3de2 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 8 Feb 2022 19:13:50 +0000
Subject: Plug a long standing leak in libtls CRL handling

X509_STORE_add_crl() does not take ownership of the CRL, it bumps its
refcount. So nulling out the CRL from the stack will leak it.

Issue reported by KS Sreeram, thanks!

ok jsing
---
 src/lib/libtls/tls.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index fd525aa428..ff33ebe53e 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -647,7 +647,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 				tls_set_error(ctx, "failed to add crl");
 				goto err;
 			}
-			xi->crl = NULL;
 		}
 		X509_STORE_set_flags(store,
 		    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
-- 
cgit v1.2.3-55-g6feb