Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free()

The problem is that the server failed to follow the rule that
every X509 object retrieved using SSL_get_peer_certificate()
must be explicitly freed by X509_free(). This caused a memory
leak for builds linked against OpenSSL where the X509 object
is reference counted -- improper counting will prevent the
object from being destroyed once the session containing the
peer certificate is freed.

The solution is to explicitly free every X509 object used.

mysql-test/r/openssl_1.result:
  Add test case result for Bug#42158
mysql-test/t/openssl_1.test:
  Add test case for Bug#42158
sql/sql_acl.cc:
  Deallocate X509 objects.

1 files changed, 6 insertions, 0 deletions

diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result
index c408c14b716..b0dd3acd662 100644
--- a/mysql-test/r/openssl_1.result
+++ b/mysql-test/r/openssl_1.result
@@ -202,4 +202,10 @@ Ssl_cipher	RC4-SHA
 select 'is still running; no cipher request crashed the server' as result from dual;
 result
 is still running; no cipher request crashed the server
+GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509;
+FLUSH PRIVILEGES;
+SHOW STATUS LIKE 'Ssl_cipher';
+Variable_name	Value
+Ssl_cipher	DHE-RSA-AES256-SHA
+DROP USER bug42158@localhost;
 End of 5.1 tests