From 25536ea6a70fdfc46f1c0ac246428fec0a288b31 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 4 Jan 2012 14:25:42 +0000
Subject: [PATCH] Submitted by: Adam Langley <agl@chromium.org> Reviewed by:
 steve

Fix memory leaks.
---
 ssl/s3_srvr.c | 1 +
 ssl/t1_lib.c  | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 9e73d62921..c7b9c2c091 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2301,6 +2301,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 		if (i <= 0)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+			BN_clear_free(pub);
 			goto err;
 			}
 
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e38bd9f0ba..3430ea1a20 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1247,6 +1247,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 				sdata = data;
 				if (dsize > 0)
 					{
+					if (s->tlsext_ocsp_exts)
+						{
+						sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+									   X509_EXTENSION_free);
+						}
+
 					s->tlsext_ocsp_exts =
 						d2i_X509_EXTENSIONS(NULL,
 							&sdata, dsize);
-- 
2.25.1