diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-01-29 17:31:57 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2017-01-29 17:34:04 +0000 |
| commit | 3c09cdfeb9097df7a973849a3e053fdbe59ad5e7 (patch) | |
| tree | d89d87ad2c05244b0de230d7cab8c2fc8da2911d | |
| parent | 4be73e7b98fdf7635ae17091e181df4a674b7fe4 (diff) | |
| download | rspamd-3c09cdfeb9097df7a973849a3e053fdbe59ad5e7.tar.gz rspamd-3c09cdfeb9097df7a973849a3e053fdbe59ad5e7.zip | |
[CritFix] Fix bad memory leak in TLS certificates validation
| -rw-r--r-- | src/libutil/ssl_util.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c index 9913e48d3..828250e50 100644 --- a/src/libutil/ssl_util.c +++ b/src/libutil/ssl_util.c @@ -331,6 +331,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c) if (c->hostname) { if (!rspamd_tls_check_name (server_cert, c->hostname)) { + X509_free (server_cert); g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails " "hostname verification for %s", c->hostname); c->err_handler (c->handler_data, err); @@ -340,6 +341,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c) } } + X509_free (server_cert); + return TRUE; } |