]> source.dussan.org Git - rspamd.git/commitdiff
[CritFix] Fix bad memory leak in TLS certificates validation
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Sun, 29 Jan 2017 17:31:57 +0000 (17:31 +0000)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Sun, 29 Jan 2017 17:34:04 +0000 (17:34 +0000)
src/libutil/ssl_util.c

index 9913e48d3ea6e324c0dd25d70cd23fbf6dce3c94..828250e5015d673c31fc88ea90295db7cf74f9db 100644 (file)
@@ -331,6 +331,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 
        if (c->hostname) {
                if (!rspamd_tls_check_name (server_cert, c->hostname)) {
+                       X509_free (server_cert);
                        g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
                                        "hostname verification for %s", c->hostname);
                        c->err_handler (c->handler_data, err);
@@ -340,6 +341,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
                }
        }
 
+       X509_free (server_cert);
+
        return TRUE;
 }