From: Jean-François Hren <jean-francois.hren@stormshield.eu>
Date: Mon, 1 Dec 2025 16:02:39 +0000 (+0100)
Subject: credential-manager: Fix leaked signature params if self-signed cert is untrusted
X-Git-Tag: 6.0.4rc1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f25b1aca8ba62bdc221b8aa2f86c0dfae0f9d56a;p=thirdparty%2Fstrongswan.git

credential-manager: Fix leaked signature params if self-signed cert is untrusted

Closes strongswan/strongswan#2954
---

diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index dd6b89488b..4f18121214 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -788,6 +788,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 					DBG1(DBG_CFG, "  self-signed certificate \"%Y\" is not "
 						 "trusted", current->get_subject(current));
 					issuer->destroy(issuer);
+					signature_params_destroy(scheme);
 					call_hook(this, CRED_HOOK_UNTRUSTED_ROOT, current);
 					break;
 				}