From 2849cc34a8db93d448a62d69c462402347b50dcb Mon Sep 17 00:00:00 2001
From: Olivier Vielpeau
Date: Fri, 14 Apr 2017 21:06:07 -0400
Subject: [PATCH] bpo-29738: Fix memory leak in _get_crl_dp (GH-526)
* Remove conditional on free of `dps`, since `dps` is now allocated for all versions of OpenSSL
* Remove call to `x509_check_ca` since it was only used to cache the `crldp` field of the certificate
CRL_DIST_POINTS_free is available in all supported versions of OpenSSL (recent 0.9.8+) and LibreSSL.
---
 Modules/_ssl.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 327fb37eba..5f2de61ae0 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -1209,10 +1209,6 @@ _get_crl_dp(X509 *certificate) {
 int i, j;
 PyObject *lst, *res = NULL;
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L
- /* Calls x509v3_cache_extensions and sets up crldp */
- X509_check_ca(certificate);
-#endif
 dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points, NULL, NULL);
 if (dps == NULL)
@@ -1257,9 +1253,7 @@ _get_crl_dp(X509 *certificate) {
 done:
 Py_XDECREF(lst);
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
- sk_DIST_POINT_free(dps);
-#endif
+ CRL_DIST_POINTS_free(dps);
 return res;
 }
-- 
2.40.0
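Review bot: The new unconditional `CRL_DIST_POINTS_free(dps);` under `done:` carries no comment saying why this function owns `dps` or why the element-freeing variant is the right one. `X509_get_ext_d2i` hands back a freshly decoded structure that the caller must release, and `sk_DIST_POINT_free` would release only the stack container, so I would add `/* dps is a decoded copy from X509_get_ext_d2i; free the stack and every DIST_POINT in it */` above the call. The body of `_get_crl_dp` between the two hunks is not shown, so it is worth confirming that every exit taken once `dps` is non-NULL goes through `done:` rather than returning directly. If this helper runs on certificates supplied by a remote peer, any path that skips the free is a per-call leak that grows with connection count.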