fix leak

[oweals/openssl.git] / apps / s_client.c

diff --git a/apps/s_client.c b/apps/s_client.c
index da6c468a496f72694274da2e11412758e5f5899a..7a75888daf8be58c5500a2074ee03a2f89f0d1c2 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -360,7 +360,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -status           - request certificate status from server\n");
        BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
        BIO_printf(bio_err," -proof_debug      - request an audit proof and print its hex dump\n");
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+# ifndef OPENSSL_NO_NEXTPROTONEG
        BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
 #endif
@@ -539,7 +539,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
        ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
        return SSL_TLSEXT_ERR_OK;
        }
-# endif
+# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */
 #endif
 
 enum
@@ -1910,6 +1910,10 @@ end:
                        print_stuff(bio_c_out,con,1);
                SSL_free(con);
                }
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+       if (next_proto.data)
+               OPENSSL_free(next_proto.data);
+#endif
        if (ctx != NULL) SSL_CTX_free(ctx);
        if (cert)
                X509_free(cert);
@@ -1917,6 +1921,8 @@ end:
                EVP_PKEY_free(key);
        if (pass)
                OPENSSL_free(pass);
+       if (vpm)
+               X509_VERIFY_PARAM_free(vpm);
        if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
        if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
        if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }