From: Matt Caswell <matt@openssl.org>
Date: Tue, 26 Apr 2016 17:25:39 +0000 (+0100)
Subject: Don't leak X509_OBJECT in an error path
X-Git-Tag: OpenSSL_1_1_0-pre6~623
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0461b7ea7bd1112c4fa357545fc8a456138ed3af;p=oweals%2Fopenssl.git

Don't leak X509_OBJECT in an error path

Swap the ordering of some code to avoid a leak in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c30fd..c998fcdebc 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
         BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
         goto done;
     }
-    req = OCSP_REQUEST_new();
-    if (req == NULL)
-        goto err;
     id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
     X509_OBJECT_free(obj);
     if (!id)
         goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
     if (!OCSP_request_add0_id(req, id))
         goto err;
     id = NULL;