From 56f8640c2d889852a8bfd6707e723d2c38cdd850 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 8 Feb 2022 19:13:50 +0000
Subject: [PATCH] Plug a long standing leak in libtls CRL handling

X509_STORE_add_crl() does not take ownership of the CRL, it bumps its
refcount. So nulling out the CRL from the stack will leak it.

Issue reported by KS Sreeram, thanks!

ok jsing
---
 lib/libtls/tls.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index fd525aa428a..ff33ebe53e1 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -647,7 +647,6 @@ tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
 				tls_set_error(ctx, "failed to add crl");
 				goto err;
 			}
-			xi->crl = NULL;
 		}
 		X509_STORE_set_flags(store,
 		    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
-- 
2.20.1