From 1a8fb6a1e2c379f6565adc7816377fe4a31667b1 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sun, 24 Jul 2022 21:41:29 +0000
Subject: [PATCH] Plug leak in X509V3_add1_i2d()

Do not leak the extension that was deleted from the stack.

via OpenSSL c3efe5c9.

ok jsing
---
 lib/libcrypto/x509/x509_lib.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/libcrypto/x509/x509_lib.c b/lib/libcrypto/x509/x509_lib.c
index a518d5b950d..e265d30f892 100644
--- a/lib/libcrypto/x509/x509_lib.c
+++ b/lib/libcrypto/x509/x509_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lib.c,v 1.3 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x509_lib.c,v 1.4 2022/07/24 21:41:29 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -314,8 +314,9 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
 		}
 		/* If delete, just delete it */
 		if (ext_op == X509V3_ADD_DELETE) {
-			if (!sk_X509_EXTENSION_delete(*x, extidx))
+			if ((extmp = sk_X509_EXTENSION_delete(*x, extidx)) == NULL)
 				return -1;
+			X509_EXTENSION_free(extmp);
 			return 1;
 		}
 	} else {
-- 
2.20.1