From 297d69161b014ffbc3dd686e2216f29059431717 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Tue, 7 Jan 2020 20:40:12 +0200
Subject: [PATCH] OpenSSL: Fix memory leak in TOD policy validation

Returned policies from X509_get_ext_d2i() need to be freed.

Fixes: 21f1a1e66c39 ("Report TOD policy")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
 src/crypto/tls_openssl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a4a647eee..a6a4ce4b9 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2190,6 +2190,7 @@ static int openssl_cert_tod(X509 *cert)
 		else if (os_strcmp(buf, "1.3.6.1.4.1.40808.1.3.2") == 0 && !tod)
 			tod = 2; /* TOD-TOFU */
 	}
+	sk_POLICYINFO_pop_free(ext, POLICYINFO_free);
 
 	return tod;
 }