From 95aad2235d3c3583588fb32d8d7c57a763a4e1b6 Mon Sep 17 00:00:00 2001
From: Filipe da Silva
Date: Wed, 1 Apr 2015 15:05:08 +0200
Subject: [PATCH] OCSP stapling: missing free calls.

Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails. Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails. Possible leaks in vary particular scenariis of memory shortage.
---
 src/event/ngx_event_openssl_stapling.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 2fa067309..c39598ff5 100644
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -310,6 +310,7 @@ ngx_ssl_stapling_issuer(ngx_conf_t *cf, ngx_ssl_t *ssl)
 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_STORE_CTX_init() failed");
+ X509_STORE_CTX_free(store_ctx);
 return NGX_ERROR;
 }
@@ -1118,6 +1119,7 @@ ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx)
 if (OCSP_request_add0_id(ocsp, id) == NULL) {
 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0, "OCSP_request_add0_id() failed");
+ OCSP_CERTID_free(id);
 goto failed;
 }
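Review bot: In ngx_ssl_stapling_issuer the new `X509_STORE_CTX_free(store_ctx);` is written inline before `return NGX_ERROR;`, so the release of `store_ctx` is repeated per error branch rather than stated once. The function starts and ends outside the hunk, so it cannot be confirmed here that every other early return after the context is created carries the same call. A comment on the added line, for example `/* store_ctx is owned by this function; free it on every exit path */`, would make the invariant visible to the next edit. If further error returns exist below, routing them through one cleanup label would remove the chance of missing one.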
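Review bot: In ngx_ssl_ocsp_create_request the added `OCSP_CERTID_free(id);` is only safe if OCSP_request_add0_id() never releases `id` itself when it returns NULL, and nothing in the hunk establishes that. The add0 contract hands `id` to the request on success; whether any internal failure path has already freed it should be checked in the OpenSSL releases this build supports, because in that case this line turns a leak into a double free. The `failed` label is outside the hunk, so also confirm it does not touch `id` afterwards. A comment such as `/* add0 did not take ownership of id on failure */` would record the assumption.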