From c6310177eb751a45d21ff25aea9ae765bedf0554 Mon Sep 17 00:00:00 2001
From: Manuel Ung <mung@fb.com>
Date: Thu, 21 Jan 2016 11:08:20 -0800
Subject: [PATCH] Fix leak in get_peer_cert_info

Summary:
Valgrind shows that we are not freeing the X509 object that is returned when we call SSL_get_peer_certificate. Fix this by free'ing it at various exit points.

Squash with: f29eb03 Expose user certificate details to command line.

Test Plan: mysqltest.sh --valgrind main.information_schema_authinfo

Reviewers: kradhakrishnan

Reviewed By: kradhakrishnan

Subscribers: jkedgar, webscalesql-eng

Differential Revision: https://reviews.facebook.net/D53169
---
 sql/sql_show.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 273a7ae2ef8e..5c2e681a31d4 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -2149,6 +2149,7 @@ BUF_MEM *get_peer_cert_info(THD *thd)
   // Create new X509 buffer abstraction
   BIO *bio = BIO_new(BIO_s_mem());
   if (!bio) {
+    X509_free(cert);
     return NULL;
   }
 
@@ -2156,6 +2157,7 @@ BUF_MEM *get_peer_cert_info(THD *thd)
   int status = X509_print(bio, cert);
   if (status != 1) {
     BIO_free(bio);
+    X509_free(cert);
     return NULL;
   }
 
@@ -2164,6 +2166,7 @@ BUF_MEM *get_peer_cert_info(THD *thd)
   BIO_get_mem_ptr(bio, &bufmem);
   (void) BIO_set_close(bio, BIO_NOCLOSE);
   BIO_free(bio);
+  X509_free(cert);
 
   assert(bufmem->length <= bufmem->max);
   if (bufmem->length) {