diff options
Diffstat (limited to 'src/cryptography')
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 11 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 8 |
2 files changed, 16 insertions, 3 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index bdf8f370..cfd7c89f 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -707,10 +707,15 @@ class Backend(object): sk_extension = self._lib.sk_X509_EXTENSION_new_null() self.openssl_assert(sk_extension != self._ffi.NULL) sk_extension = self._ffi.gc( - sk_extension, self._lib.sk_X509_EXTENSION_free + sk_extension, + lambda x: self._lib.sk_X509_EXTENSION_pop_free( + x, self._ffi.addressof( + self._lib._original_lib, "X509_EXTENSION_free" + ) + ) ) - # gc is not necessary for CSRs, as sk_X509_EXTENSION_free - # will release all the X509_EXTENSIONs. + # Don't GC individual extensions because the memory is owned by + # sk_extensions and will be freed along with it. self._create_x509_extensions( extensions=builder._extensions, handlers=_EXTENSION_ENCODE_HANDLERS, diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index b870eeb7..a7a2c70d 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -429,6 +429,14 @@ class _CertificateSigningRequest(object): @utils.cached_property def extensions(self): x509_exts = self._backend._lib.X509_REQ_get_extensions(self._x509_req) + x509_exts = self._backend._ffi.gc( + x509_exts, + lambda x: self._backend._lib.sk_X509_EXTENSION_pop_free( + x, self._backend._ffi.addressof( + self._backend._lib._original_lib, "X509_EXTENSION_free" + ) + ) + ) return _CSR_EXTENSION_PARSER.parse(self._backend, x509_exts) def public_bytes(self, encoding): |