Noticed while looking for the buffer overwrite mentioned on bugs.
ec_sig is allocated by d2i_ECDSA_SIG() and needs to be freed.
PS: There are a few things that should be cleaned up and fixed in this
file. I'll send a diff after the overwrite is resolved.
Index: acctproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/acctproc.c,v
retrieving revision 1.23
diff -u -p -r1.23 acctproc.c
--- acctproc.c 14 Jan 2022 09:20:18 -0000 1.23
+++ acctproc.c 14 Dec 2022 11:06:45 -0000
@@ -439,6 +439,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acc
rc = 1;
out:
+ ECDSA_SIG_free(ec_sig);
EVP_MD_CTX_free(ctx);
free(pay);
free(sign);
