From: Mariatta <Mariatta@users.noreply.github.com>
Date: Sat, 15 Apr 2017 01:24:22 +0000 (-0700)
Subject: [2.7] bpo-29738: Fix memory leak in _get_crl_dp (GH-526) (GH-1144)
X-Git-Tag: v2.7.14rc1~213
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b2b00e039ce71e69148e5f479e2154c1c7b712ca;p=python

[2.7] bpo-29738: Fix memory leak in _get_crl_dp (GH-526) (GH-1144)

* Remove conditional on free of `dps`, since `dps` is now allocated for
all versions of OpenSSL
* Remove call to `x509_check_ca` since it was only used to cache
the `crldp` field of the certificate
CRL_DIST_POINTS_free is available in all supported versions of OpenSSL
(recent 0.9.8+) and LibreSSL.
(cherry picked from commit 2849cc34a8db93d448a62d69c462402347b50dcb)
---

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4fff16f6f4..45a1d01231 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1125,10 +1125,6 @@ _get_crl_dp(X509 *certificate) {
     int i, j;
     PyObject *lst, *res = NULL;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
-    /* Calls x509v3_cache_extensions and sets up crldp */
-    X509_check_ca(certificate);
-#endif
     dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
 
     if (dps == NULL)
@@ -1173,9 +1169,7 @@ _get_crl_dp(X509 *certificate) {
 
   done:
     Py_XDECREF(lst);
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
-    sk_DIST_POINT_free(dps);
-#endif
+    CRL_DIST_POINTS_free(dps);
     return res;
 }