From: Timo Sirainen <tss@iki.fi>
Date: Fri, 22 Jun 2012 15:51:42 +0000 (+0300)
Subject: lib-ssl-iostream: Memory leak fixes
X-Git-Tag: 2.1.8~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b794181a01c04d1dd33c9a8339ddbc826106408;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Memory leak fixes
---

diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 8cee2c86f2..6fc5ce906b 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -246,7 +246,7 @@ void ssl_iostream_unref(struct ssl_iostream **_ssl_io)
 	*_ssl_io = NULL;
 
 	i_assert(ssl_io->refcount > 0);
-	if (--ssl_io->refcount >= 0)
+	if (--ssl_io->refcount > 0)
 		return;
 
 	ssl_iostream_free(ssl_io);
@@ -503,6 +503,7 @@ int openssl_cert_match_name(SSL *ssl, const char *verify_name)
 	const char *dnsname;
 	bool dns_names = FALSE;
 	unsigned int i, count;
+	int ret;
 
 	cert = SSL_get_peer_certificate(ssl);
 	i_assert(cert != NULL);
@@ -520,14 +521,15 @@ int openssl_cert_match_name(SSL *ssl, const char *verify_name)
 		}
 	}
 	sk_GENERAL_NAME_pop_free(gnames, GENERAL_NAME_free);
-	X509_free(cert);
 
 	/* verify against CommonName only when there wasn't any DNS
 	   SubjectAltNames */
 	if (dns_names)
-		return i < count ? 0 : -1;
-
-	return strcmp(get_cname(cert), verify_name) == 0 ? 0 : -1;
+		ret = i < count ? 0 : -1;
+	else
+		ret = strcmp(get_cname(cert), verify_name) == 0 ? 0 : -1;
+	X509_free(cert);
+	return ret;
 }
 
 int ssl_iostream_cert_match_name(struct ssl_iostream *ssl_io,
diff --git a/src/lib-ssl-iostream/istream-openssl.c b/src/lib-ssl-iostream/istream-openssl.c
index 6619a2c528..93bed3c659 100644
--- a/src/lib-ssl-iostream/istream-openssl.c
+++ b/src/lib-ssl-iostream/istream-openssl.c
@@ -21,6 +21,7 @@ static void i_stream_ssl_destroy(struct iostream_private *stream)
 {
 	struct ssl_istream *sstream = (struct ssl_istream *)stream;
 
+	i_free(sstream->istream.w_buffer);
 	ssl_iostream_unref(&sstream->ssl_io);
 }
 
diff --git a/src/lib-ssl-iostream/ostream-openssl.c b/src/lib-ssl-iostream/ostream-openssl.c
index ee2e263e0e..536e65ed87 100644
--- a/src/lib-ssl-iostream/ostream-openssl.c
+++ b/src/lib-ssl-iostream/ostream-openssl.c
@@ -24,7 +24,8 @@ static void o_stream_ssl_destroy(struct iostream_private *stream)
 
 	sstream->ssl_io->ssl_output = NULL;
 	ssl_iostream_unref(&sstream->ssl_io);
-	i_free(sstream->buffer);
+	if (sstream->buffer != NULL)
+		buffer_free(&sstream->buffer);
 }
 
 static size_t