From 6477d4807d2b238412da9669875f0e9fed24826c Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 6 Aug 2015 19:05:58 +0100
Subject: X509_add_ext dupes the X509_EXTENSION when adding it. fix the leak

---
 src/cryptography/hazmat/backends/openssl/backend.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 0cbea1f0..0b3b7f6a 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1187,6 +1187,8 @@ class Backend(object):
                 1 if extension.critical else 0,
                 _encode_asn1_str_gc(self, pp[0], r)
             )
+            assert extension != self._ffi.NULL
+            extension = self._ffi.gc(extension, self._lib.X509_EXTENSION_free)
             res = self._lib.X509_add_ext(x509_cert, extension, i)
             assert res == 1
 
-- 
cgit v1.2.3