OCSP stapling: missing free calls.

Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails.
Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails.
Possible leaks in vary particular scenariis of memory shortage.

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 2fa0673093ea476e1834eda53d07f6fd96751d03..c39598ff5e2a4fc4bee33f5bfdb652a78750d7aa 100644 (file)
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -310,6 +310,7 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf, ngx_ssl_t *ssl)
     if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) {
         ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                       "X509_STORE_CTX_init() failed");
+        X509_STORE_CTX_free(store_ctx);
         return NGX_ERROR;
     }
 
@@ -1118,6 +1119,7 @@ ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx)
     if (OCSP_request_add0_id(ocsp, id) == NULL) {
         ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
                       "OCSP_request_add0_id() failed");
+        OCSP_CERTID_free(id);
         goto failed;
     }