Fix memory leak in calling SSL_clear.

State hanging off the SSL gets freed in two places.

Change-Id: I41a8d2a7cab35f0098396006e1f6380038ec471a
Reviewed-on: https://boringssl-review.googlesource.com/2212
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_lib.c

@@ -1047,12 +1047,23 @@ void ssl3_clear(SSL *s)
 	size_t rlen, wlen;
 	int init_extra;
 
+	/* TODO(davidben): Can this just call ssl3_free +
+	 * ssl3_new. rbuf, wbuf, and init_extra are preserved, but
+	 * this may not serve anything more than saving a malloc. */
+
 	ssl3_cleanup_key_block(s);
 	if (s->s3->tmp.ca_names != NULL)
 		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	s->s3->tmp.ca_names = NULL;
 	if (s->s3->tmp.certificate_types != NULL)
 		OPENSSL_free(s->s3->tmp.certificate_types);
-	s->s3->tmp.num_certificate_types = 0;
+	s->s3->tmp.certificate_types = NULL;
+	if (s->s3->tmp.peer_ecpointformatlist)
+		OPENSSL_free(s->s3->tmp.peer_ecpointformatlist);
+	s->s3->tmp.peer_ecpointformatlist = NULL;
+	if (s->s3->tmp.peer_ellipticcurvelist)
+		OPENSSL_free(s->s3->tmp.peer_ellipticcurvelist);
+	s->s3->tmp.peer_ellipticcurvelist = NULL;
 
 	if (s->s3->tmp.dh != NULL)
 		{