From 8346d41b8dbd39aa4b45f6d714486eb53e3f1c70 Mon Sep 17 00:00:00 2001
From: inoguchi <inoguchi@openbsd.org>
Date: Sat, 28 Aug 2021 02:24:10 +0000
Subject: [PATCH] Avoid leak with X509_REVOKED variable in openssl(1) ca.c

pointed out by tb@
---
 usr.bin/openssl/ca.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/usr.bin/openssl/ca.c b/usr.bin/openssl/ca.c
index dbdd43c6a76..329750e8623 100644
--- a/usr.bin/openssl/ca.c
+++ b/usr.bin/openssl/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.36 2021/08/28 02:11:18 inoguchi Exp $ */
+/* $OpenBSD: ca.c,v 1.37 2021/08/28 02:24:10 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1473,6 +1473,7 @@ ca_main(int argc, char **argv)
 				ASN1_INTEGER_free(tmpserial);
 				if (!X509_CRL_add0_revoked(crl, r))
 					goto err;
+				r = NULL;
 			}
 		}
 
@@ -1589,6 +1590,7 @@ ca_main(int argc, char **argv)
 	if (x509)
 		X509_free(x509);
 	X509_CRL_free(crl);
+	X509_REVOKED_free(r);
 	NCONF_free(conf);
 	NCONF_free(extconf);
 	OBJ_cleanup();
-- 
2.20.1