credential-manager: Fix leaked signature params if self-signed cert is untrusted

author Jean-François Hren <jean-francois.hren@stormshield.eu>

Mon, 1 Dec 2025 16:02:39 +0000 (17:02 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Mon, 1 Dec 2025 18:18:53 +0000 (19:18 +0100)
author Jean-François Hren <jean-francois.hren@stormshield.eu>
Mon, 1 Dec 2025 16:02:39 +0000 (17:02 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 1 Dec 2025 18:18:53 +0000 (19:18 +0100)
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c

index dd6b89488b72ae56ba09ea5a5cfe890e769cdee8..4f181212141469e82f01aa5b745c35a30afa9ff5 100644 (file)
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -788,6 +788,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
                                         DBG1(DBG_CFG, "  self-signed certificate \"%Y\" is not "
                                                  "trusted", current->get_subject(current));
                                         issuer->destroy(issuer);
+                                       signature_params_destroy(scheme);
                                         call_hook(this, CRED_HOOK_UNTRUSTED_ROOT, current);
                                         break;
                                 }
author	Jean-François Hren <jean-francois.hren@stormshield.eu>
	Mon, 1 Dec 2025 16:02:39 +0000 (17:02 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 1 Dec 2025 18:18:53 +0000 (19:18 +0100)