Fix memory leak.

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 9c1ffd41872629f8635234479cc01b990fe9bb8d..d520a1193900f790592a39dc496cc34bd88cabed 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3036,6 +3036,13 @@ void ssl3_clear(SSL *s)
                s->s3->tmp.ecdh = NULL;
                }
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+       if (s->s3->tlsext_authz_client_types != NULL)
+               {
+               OPENSSL_free(s->s3->tlsext_authz_client_types);
+               s->s3->tlsext_authz_client_types = NULL;
+               }
+#endif
 
        rp = s->s3->rbuf.buf;
        wp = s->s3->wbuf.buf;

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 85a5681f87a41df497151d545be6c9014acafc95..5b285995ab34b073b626b37adecabfad4ac49328 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1781,6 +1781,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
                        if (!s->hit)
                                {
                                size_t i;
+                               if (s->s3->tlsext_authz_client_types != NULL)
+                                       OPENSSL_free(s->s3->tlsext_authz_client_types);
                                s->s3->tlsext_authz_client_types =
                                        OPENSSL_malloc(server_authz_dataformatlist_length);
                                if (!s->s3->tlsext_authz_client_types)