Release ownership of policy objects after they are added to the array

sethmlarson · Jul 30, 2022 · 7888052 · 7888052
1 parent 0491a8b
commit 7888052
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/truststore/_macos.py b/src/truststore/_macos.py
@@ -317,11 +317,13 @@ def _verify_peercerts_impl(
                 ctypes.byref(CoreFoundation.kCFTypeArrayCallBacks),
             )
             CoreFoundation.CFArrayAppendValue(policies, ssl_policy)
+            CoreFoundation.CFRelease(ssl_policy)
             revocation_policy = Security.SecPolicyCreateRevocation(
                 kSecRevocationUseAnyAvailableMethod
                 | kSecRevocationRequirePositiveResponse
             )
             CoreFoundation.CFArrayAppendValue(policies, revocation_policy)
+            CoreFoundation.CFRelease(revocation_policy)
         elif ssl_context.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
             raise NotImplementedError("VERIFY_CRL_CHECK_LEAF not implemented for macOS")