From 3c09cdfeb9097df7a973849a3e053fdbe59ad5e7 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sun, 29 Jan 2017 17:31:57 +0000
Subject: [PATCH] [CritFix] Fix bad memory leak in TLS certificates validation

---
 src/libutil/ssl_util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index 9913e48d3..828250e50 100644
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -331,6 +331,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 
 	if (c->hostname) {
 		if (!rspamd_tls_check_name (server_cert, c->hostname)) {
+			X509_free (server_cert);
 			g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
 					"hostname verification for %s", c->hostname);
 			c->err_handler (c->handler_data, err);
@@ -340,6 +341,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 		}
 	}
 
+	X509_free (server_cert);
+
 	return TRUE;
 }
 
-- 
2.39.5