Andre Guibert de Bruet fixed a memory leak in the function that verifies the

peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.

3 files changed, 15 insertions, 6 deletions

diff --git a/CHANGES b/CHANGES
index af7271c0e..00d8543a6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,11 +5,17 @@
                              \___|\___/|_| \_\_____|
 
                                   Changelog
+Daniel S (22 May 2007)
+- Andre Guibert de Bruet fixed a memory leak in the function that verifies the
+  peer's name in the SSL certificate when built for OpenSSL. The leak happens
+  for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
+  name from UTF8.
+
 Daniel S (18 May 2007)
-- Feng Tu reported that curl -w did wrong on TFTP transfers in 
-  bug report #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
-  transfer-related info "variables" were indeed overwritten with zeroes wrongly
-  and have now been adjusted. The upload size still isn't accurate.
+- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report
+  #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
+  transfer-related info "variables" were indeed overwritten with zeroes
+  wrongly and have now been adjusted. The upload size still isn't accurate.
 
 Daniel S (17 May 2007)
 - Feng Tu pointed out a division by zero error in the TFTP connect timeout
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0bb7221c3..9c18d9fdf 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -45,6 +45,7 @@ This release includes the following bugfixes:
  o SFTP quote commands chmod, chown, chgrp can now set a value of 0
  o TFTP connect timouts less than 5 seconds
  o improved curl -w for TFTP transfers
+ o memory leak when failed OpenSSL certificate CN field checking
 
 This release includes the following known bugs:
 
@@ -69,6 +70,7 @@ advice from friends like these:
  Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil,
  James Housley, Daniel Black, Steve Little, Sonia Subramanian, Peter O'Gorman,
  Frank Hempel, Michael Wallner, Jeff Pohlmeyer, Tobias Rundström,
- Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu
+ Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu,
+ Andre Guibert de Bruet
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 5c2999dfa..76c3bd846 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1123,7 +1123,8 @@ static CURLcode verifyhost(struct connectdata *conn,
       rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
       /* Curl_convert_from_utf8 calls failf if unsuccessful */
       if (rc != CURLE_OK) {
-        return(rc);
+        OPENSSL_free(peer_CN);
+        return rc;
       }
     }
 #endif /* CURL_DOES_CONVERSIONS */