Dev news

Commit b4ba8a6fb5 for strongswan.org

commit b4ba8a6fb57894e7d614462dc2a011b9855634e7
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Wed Apr 22 09:44:38 2026 +0200

    openssl: Fix memory leak if ipAddrBlock is non-canonical

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 5086feda49..3cedab7ee1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -982,7 +982,7 @@ static bool parse_ipAddrBlock_ext(private_openssl_x509_t *this,

 	if (!X509v3_addr_is_canonical(blocks))
 	{
-		sk_IPAddressFamily_free(blocks);
+		sk_IPAddressFamily_pop_free(blocks, IPAddressFamily_free);
 		return FALSE;
 	}