Don't leak memory from notice_section function on error path

The notice_section() function allocates a STACK_OF(CONF_VALUE) but
then fails to free it on an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index fe722b14a796a3d21d57ed2cc302543815fbb868..81d0d996a93c63eedf911f6fc12af95f50bdc0c7 100644 (file)
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -295,6 +295,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
             if (!nos || !sk_CONF_VALUE_num(nos)) {
                 X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
                 X509V3_conf_err(cnf);
+                sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
                 goto err;
             }
             ret = nref_nos(nref->noticenos, nos);