From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Sun, 29 Jan 2017 17:31:57 +0000 (+0000)
Subject: [CritFix] Fix bad memory leak in TLS certificates validation
X-Git-Tag: 1.4.4~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7210027330df3e30d74964c2a87a3d647d0d079d;p=thirdparty%2Frspamd.git

[CritFix] Fix bad memory leak in TLS certificates validation
---

diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index c320dfd29b..6f00e16216 100644
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -330,6 +330,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 
 	if (c->hostname) {
 		if (!rspamd_tls_check_name (server_cert, c->hostname)) {
+			X509_free (server_cert);
 			g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
 					"hostname verification for %s", c->hostname);
 			c->err_handler (c->handler_data, err);
@@ -339,6 +340,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 		}
 	}
 
+	X509_free (server_cert);
+
 	return TRUE;
 }