From bea8019826f97546e18265d3d7b8e54dfa7da250 Mon Sep 17 00:00:00 2001 From: Jimmy Brisson Date: Fri, 24 Jul 2020 14:31:48 -0500 Subject: [PATCH] Free X509_EXTENSIONs Previously, we would leak these extensions as they are not freed by the stack. An excerpt from the `sk_TYPE_free` documentation: sk_TYPE_free() frees up the sk structure. It does not free up any elements of sk. After this call sk is no longer valid. The fix is to drain the stack and free its elements before freeing the stack. sk_TYPE_pop_free does this, so we use that instead. Change-Id: Ie70c302f9dda5af1a7243f163d36e99916ee639c Signed-off-by: Jimmy Brisson --- tools/cert_create/src/main.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c index 2ba110132..368493a88 100644 --- a/tools/cert_create/src/main.c +++ b/tools/cert_create/src/main.c @@ -539,6 +539,11 @@ int main(int argc, char *argv[]) exit(1); } + for (cert_ext = sk_X509_EXTENSION_pop(sk); cert_ext != NULL; + cert_ext = sk_X509_EXTENSION_pop(sk)) { + X509_EXTENSION_free(cert_ext); + } + sk_X509_EXTENSION_free(sk); } -- GitLab
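Review bot: the commit message says sk_TYPE_pop_free is used, but the lines added ahead of `sk_X509_EXTENSION_free(sk);` in main() hand-roll a pop loop with `sk_X509_EXTENSION_pop` and `X509_EXTENSION_free` instead. Either replace the loop and the following free with the single call `sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);`, which drains and frees the stack in one step, or reword the message so it describes the loop that was actually committed. The loop also reuses `cert_ext` as its iterator, leaving it NULL on exit and discarding whatever it held before; a dedicated local, or a short comment saying the old value is no longer needed, would make that intent clear.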