Fix memory leak in X509V3_add1_i2d when flag is X509V3_ADD_DELETE

Fixes #18677

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18698)

diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c
index 42b6ff15277e199ea7a014138b9bced84473c60a..5c05b56d9c7fdd560942f8ab23c59473fc8aa29b 100644 (file)
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.c
@@ -242,8 +242,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
         }
         /* If delete, just delete it */
         if (ext_op == X509V3_ADD_DELETE) {
-            if (!sk_X509_EXTENSION_delete(*x, extidx))
+            extmp = sk_X509_EXTENSION_delete(*x, extidx);
+            if (extmp == NULL)
                 return -1;
+            X509_EXTENSION_free(extmp);
             return 1;
         }
     } else {