authorTheo Buehler <tb@cvs.openbsd.org>2020-09-20 19:13:07 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2020-09-20 19:13:07 +0000
commit9d125db3b5a9417434d84fcb564fe6e3c35e68f9 (patch)
treea4d2da558c6a575b4975079632cea774da0b10fa
parent7d79c29a9f62ecb2d977102adbaf3958159e96ed (diff)
Avoid memleak caused by shadowing
The outer scope in x509_constraints_extract_names() contains a vname variable which will be freed on error, but an inner scope contains another vname that won't be freed, e.g., if x509_constraints_names_add fails. Found by llvm scan-build. ok beck
-rw-r--r--lib/libcrypto/x509/x509_constraints.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_constraints.c b/lib/libcrypto/x509/x509_constraints.c
index 34795c07963..f50a55c6ac1 100644
--- a/lib/libcrypto/x509/x509_constraints.c
+++ b/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.7 2020/09/20 18:32:33 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.8 2020/09/20 19:13:06 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -769,9 +769,12 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
}
subject_name = X509_get_subject_name(cert);
if (X509_NAME_entry_count(subject_name) > 0) {
- struct x509_constraints_name *vname = NULL;
X509_NAME_ENTRY *email;
X509_NAME_ENTRY *cn;
+
+ x509_constraints_name_free(vname);
+ vname = NULL;
+
/*
* This cert has a non-empty subject, so we must add
* the subject as a dirname to be compared against
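Review bot: With the inner declaration removed, every use of `vname` in this `if` block now feeds the function-level error path, so each successful `x509_constraints_names_add()` further down needs to be followed by `vname = NULL;`. Otherwise a later failure would free an entry that the names list presumably already owns. Those calls are outside this hunk, so this is something to confirm, not a defect visible here. The added `x509_constraints_name_free(vname); vname = NULL;` also relies on an unstated assumption that `vname` is either NULL or still owned by this function on entry to the block; a comment such as `/* vname is ours until names_add() succeeds; drop any leftover before reuse */` would record it. The function body starts before and continues past the hunk.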