[CritFix] Fix bad memory leak in TLS certificates validation

diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index 9913e48d3ea6e324c0dd25d70cd23fbf6dce3c94..828250e5015d673c31fc88ea90295db7cf74f9db 100644 (file)
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -331,6 +331,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 
        if (c->hostname) {
                if (!rspamd_tls_check_name (server_cert, c->hostname)) {
+                       X509_free (server_cert);
                        g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
                                        "hostname verification for %s", c->hostname);
                        c->err_handler (c->handler_data, err);
@@ -340,6 +341,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
                }
        }
 
+       X509_free (server_cert);
+
        return TRUE;
 }