[CritFix] Fix bad memory leak in TLS certificates validation

diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index c320dfd29bdde55ea902020238522cf380150ce3..6f00e16216b7d2d1f34aa07d96d8c76bed427e21 100644 (file)
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -330,6 +330,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
 
        if (c->hostname) {
                if (!rspamd_tls_check_name (server_cert, c->hostname)) {
+                       X509_free (server_cert);
                        g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
                                        "hostname verification for %s", c->hostname);
                        c->err_handler (c->handler_data, err);
@@ -339,6 +340,8 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
                }
        }
 
+       X509_free (server_cert);
+
        return TRUE;
 }