x509ext: fix memory leak in X509::Extension#value=

X509_EXTENSION_set_data() dups the ASN1_OCTET_STRING, so we must free
the temporary ASN1_OCTET_STRING object. However we can retrieve the
current ASN1_OCTET_STRING object by X509_EXTENSION_get_data() and modify
it directly.

1 files changed, 6 insertions, 8 deletions

diff --git a/ext/openssl/ossl_x509ext.c b/ext/openssl/ossl_x509ext.c
index c2bec94f..60a63b2e 100644
--- a/ext/openssl/ossl_x509ext.c
+++ b/ext/openssl/ossl_x509ext.c
@@ -353,17 +353,15 @@ ossl_x509ext_set_value(VALUE self, VALUE data)
     X509_EXTENSION *ext;
     ASN1_OCTET_STRING *asn1s;
 
+    GetX509Ext(self, ext);
     data = ossl_to_der_if_possible(data);
     StringValue(data);
-    if(!(asn1s = ASN1_OCTET_STRING_new())){
-	ossl_raise(eX509ExtError, NULL);
-    }
-    if(!ASN1_STRING_set((ASN1_STRING *)asn1s, (unsigned char *)RSTRING_PTR(data), RSTRING_LENINT(data))){
-	ASN1_OCTET_STRING_free(asn1s);
-	ossl_raise(eX509ExtError, NULL);
+    asn1s = X509_EXTENSION_get_data(ext);
+
+    if (!ASN1_OCTET_STRING_set(asn1s, (unsigned char *)RSTRING_PTR(data),
+			       RSTRING_LENINT(data))) {
+	ossl_raise(eX509ExtError, "ASN1_OCTET_STRING_set");
     }
-    GetX509Ext(self, ext);
-    X509_EXTENSION_set_data(ext, asn1s);
 
     return data;
 }