From 7210027330df3e30d74964c2a87a3d647d0d079d Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sun, 29 Jan 2017 17:31:57 +0000
Subject: [PATCH] [CritFix] Fix bad memory leak in TLS certificates validation

---
 src/libutil/ssl_util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index c320dfd29..6f00e1621 100644
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -330,6 +330,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 
 	if (c->hostname) {
 		if (!rspamd_tls_check_name (server_cert, c->hostname)) {
+			X509_free (server_cert);
 			g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
 					"hostname verification for %s", c->hostname);
 			c->err_handler (c->handler_data, err);
@@ -339,6 +340,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 		}
 	}
 
+	X509_free (server_cert);
+
 	return TRUE;
 }
 
-- 
2.39.5