Fix leak in get_peer_cert_info

Summary: Valgrind shows that we are not freeing the X509 object that is returned when we call SSL_get_peer_certificate. Fix this by free'ing it at various exit points. Squash with: f29eb03 Expose user certificate details to command line. Test Plan: mysqltest.sh --valgrind main.information_schema_authinfo Reviewers: kradhakrishnan Reviewed By: kradhakrishnan Subscribers: jkedgar, webscalesql-eng Differential Revision: https://reviews.facebook.net/D53169
facebook · Jan 22, 2016 · c631017 · c631017
1 parent 4f8d6fb
commit c631017
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
@@ -2149,13 +2149,15 @@ BUF_MEM *get_peer_cert_info(THD *thd)
   // Create new X509 buffer abstraction
   BIO *bio = BIO_new(BIO_s_mem());
   if (!bio) {
+    X509_free(cert);
     return NULL;
   }
 
   // Print the certificate to the buffer
   int status = X509_print(bio, cert);
   if (status != 1) {
     BIO_free(bio);
+    X509_free(cert);
     return NULL;
   }
 
@@ -2164,6 +2166,7 @@ BUF_MEM *get_peer_cert_info(THD *thd)
   BIO_get_mem_ptr(bio, &bufmem);
   (void) BIO_set_close(bio, BIO_NOCLOSE);
   BIO_free(bio);
+  X509_free(cert);
 
   assert(bufmem->length <= bufmem->max);
   if (bufmem->length) {