From 36c6f0ad0f1464d47493309c24e2275af7f09c1e Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 18 Apr 2016 10:35:34 +0100
Subject: [PATCH] Fix PKCS7 memory leak

Commit f0e0fd51f was a bit over-zealous in removing a call to
X509_STORE_CTX_cleanup(). The call in question was in a loop and was
required to cleanup resources used on each iteration of the loop. Removing
this resulted in a memory leak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 crypto/pkcs7/pk7_smime.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index b146f68137..7c2d5c9895 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -328,6 +328,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
             i = X509_verify_cert(cert_ctx);
             if (i <= 0)
                 j = X509_STORE_CTX_get_error(cert_ctx);
+            X509_STORE_CTX_cleanup(cert_ctx);
             if (i <= 0) {
                 PKCS7err(PKCS7_F_PKCS7_VERIFY,
                          PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-- 
2.25.1