From 2d137ea0d2452da77988ed4c67cc97773a0949ab Mon Sep 17 00:00:00 2001
From: Christos Tsantilas
Date: Wed, 17 Apr 2013 23:33:28 -0600
Subject: [PATCH] Bug 3817: Memory leak in SSL cert validate for alt_name peer certs

Inside function Ssl::matchX509CommonNames which checks a domain name against certificate common name and alternate names, if the domain matches any of the alternate names the function return without releasing allocated data.
---
 src/ssl/support.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index 4fe762e1c1..e5b361cd41 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -190,8 +190,10 @@ int Ssl::matchX509CommonNames(X509 *peer_cert, void *check_data, int (*check_fun
 }
 ASN1_STRING *cn_data = check->d.dNSName;
- if ( (*check_func)(check_data, cn_data) == 0)
+ if ( (*check_func)(check_data, cn_data) == 0) {
+ sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
 return 1;
+ }
 }
 sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
 }
-- 
2.47.2
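Review bot: The early-return branch now repeats the `sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free)` call that already follows the loop, so any return added inside this loop later will bring back the leak this commit fixes. A single release point is easier to keep correct: record the match and leave the loop with `matched = true; break;`, then put `if (matched) return 1;` after the existing free (`matched` is a name made up for this note). The commit message places this path in peer certificate validation, so a missed release would presumably grow memory with each matching connection; a comment on the loop such as `// altnames is owned here: every exit from this block must free it` would make the invariant visible. The function starts and ends outside the hunk, so its other exits could not be checked from here.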