From 6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Fri, 11 Mar 2016 19:30:29 -0500
Subject: [PATCH] Fix a memory leak in ssl3_get_certificate_request.

Found by libFuzzer.

Change-Id: Ifa343a184cc65f71fb6591d290b2d47d24a2be80
Reviewed-on: https://boringssl-review.googlesource.com/7456
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
---
 ssl/s3_clnt.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 869e5acc..fee0b517 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1411,6 +1411,7 @@ int ssl3_get_certificate_request(SSL *ssl) {
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto err;
     }
+    xn = NULL;
   }
 
   /* we should setup a certificate to return.... */
@@ -1422,6 +1423,7 @@ int ssl3_get_certificate_request(SSL *ssl) {
   ret = 1;
 
 err:
+  X509_NAME_free(xn);
   sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
   return ret;
 }