authorJonathan Reams <jbreams@mongodb.com>2019-01-15 15:03:12 -0500
committerJonathan Reams <jbreams@mongodb.com>2019-01-23 17:20:45 -0500
commit1176ad66100c69d9a612682a4dac1c7fa2d2344c (patch)
treef9ff19332434bd179c9022ee4bb2ac7218eb636b /src/mongo/util/net/ssl_manager.cpp
parentc1b72f76bee602cd915bc6ea91bdcef10bd0c707 (diff)
SERVER-39018 Fix leak of ASN.1 objects when doing OID lookup
Diffstat (limited to 'src/mongo/util/net/ssl_manager.cpp')
-rw-r--r--src/mongo/util/net/ssl_manager.cpp9
1 files changed, 6 insertions, 3 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 0d7ef15046e..9fbfe088c71 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -427,9 +427,12 @@ std::string x509OidToShortName(StringData name) {
return sn;
}
+using UniqueASN1Object =
+ std::unique_ptr<ASN1_OBJECT, OpenSSLDeleter<decltype(ASN1_OBJECT_free), ASN1_OBJECT_free>>;
+
boost::optional<std::string> x509ShortNameToOid(StringData name) {
// Converts the OID to an ASN1_OBJECT
- const auto obj = OBJ_txt2obj(name.rawData(), 0);
+ UniqueASN1Object obj(OBJ_txt2obj(name.rawData(), 0));
if (!obj) {
return boost::none;
}
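Review bot: `OBJ_txt2obj(name.rawData(), 0)` passes OpenSSL a bare `const char*` with no length, so the parse runs until it meets a NUL byte. `StringData` is not defined in this hunk, but if it can view a slice that is not NUL-terminated, the lookup reads past the end of the caller's buffer. Passing an owned, terminated copy keeps the read bounded: `UniqueASN1Object obj(OBJ_txt2obj(name.toString().c_str(), 0));`. A short comment on `UniqueASN1Object` noting that it frees with `ASN1_OBJECT_free` would also help the next reader. The body of x509ShortNameToOid continues past this hunk.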
@@ -438,7 +441,7 @@ boost::optional<std::string> x509ShortNameToOid(StringData name) {
// big the buffer should be, but the man page gives 80 as a good guess for buffer size.
constexpr auto kDefaultBufferSize = 80;
std::vector<char> buffer(kDefaultBufferSize);
- size_t realSize = OBJ_obj2txt(buffer.data(), buffer.size(), obj, 1);
+ size_t realSize = OBJ_obj2txt(buffer.data(), buffer.size(), obj.get(), 1);
// Resize the buffer down or up to the real size.
buffer.resize(realSize);
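Review bot: The return of `OBJ_obj2txt` is stored directly in `size_t realSize`, but the function returns `int` and signals failure with a negative value. On failure that wraps to an enormous size and is passed to `buffer.resize(realSize)`, which turns a conversion error into a huge allocation attempt or an exception. Check the sign before converting: `const int rc = OBJ_obj2txt(buffer.data(), buffer.size(), obj.get(), 1);`, then `if (rc < 0) return boost::none;` and `buffer.resize(static_cast<size_t>(rc));`. The rest of the function is outside this hunk.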
@@ -446,7 +449,7 @@ boost::optional<std::string> x509ShortNameToOid(StringData name) {
// If the real size is greater than the default buffer size we picked, then just call
// OBJ_obj2txt again now that the buffer is correctly sized.
if (realSize > kDefaultBufferSize) {
- OBJ_obj2txt(buffer.data(), buffer.size(), obj, 1);
+ OBJ_obj2txt(buffer.data(), buffer.size(), obj.get(), 1);
}
return std::string(buffer.data(), buffer.size());
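Review bot: The retry at `if (realSize > kDefaultBufferSize)` calls `OBJ_obj2txt` with a buffer of exactly `realSize` bytes. OpenSSL documents the return value as the length excluding the terminating NUL and writes at most `buf_len - 1` characters plus that NUL, so the last character of the OID is dropped and the returned string ends in `'\0'`. The case `realSize == kDefaultBufferSize` is truncated the same way by the first call and is never retried. Use `>=` in the condition, do `buffer.resize(realSize + 1);` before the second call, and build the result as `std::string(buffer.data(), realSize)`. A silently truncated OID matters wherever the result is compared against certificate attributes.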