author | Daniel Stenberg <daniel@haxx.se> | 2005-01-10 09:48:39 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-01-10 09:48:39 +0000 |
commit | 83bab78bdaeecc7fd5cae3c035d5239b0d38468f (patch) | |
tree | 1358f58d3d202c7cd4d5d6970a7df72f0160eaec | |
parent | 894ec46ef4e504e73e023740b67d151e782c9bce (diff) |
Hzhijun reported a memory leak in the SSL certificate code, that leaked the
remote certificate name when it didn't match the used host name.
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | RELEASE-NOTES | 4 | ||||
-rw-r--r-- | lib/ssluse.c | 9 |
3 files changed, 12 insertions, 5 deletions
@@ -7,6 +7,10 @@ Changelog +Daniel (10 January 2005) +- Hzhijun reported a memory leak in the SSL certificate code, that leaked the + remote certificate name when it didn't match the used host name. + Gisle (8 January 2005) - Added Makefile.Watcom files (src/lib). Updated Makefile.dist. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 5c219d5a1..c336b1927 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: + o SSL certificate name memory leak o -d with -G to multiple URLs crashed o double va_list access crash fixed o minor memory leak when "version" is set in a cookie header @@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Dan Fandrich, Peter Pentchev, Marcin Konicki, Rune Kleveland, David Shaw, - Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt + Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt, + Hzhijun Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/ssluse.c b/lib/ssluse.c index fa2c64ec0..d7282d519 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1003,6 +1003,7 @@ static CURLcode verifyhost(struct connectdata *conn, #else struct in_addr addr; #endif + CURLcode res = CURLE_OK; #ifdef ENABLE_IPV6 if(conn->bits.ipv6_ip && @@ -1131,8 +1132,7 @@ static CURLcode verifyhost(struct connectdata *conn, if(data->set.ssl.verifyhost > 1) { failf(data, "SSL: certificate subject name '%s' does not match " "target host name '%s'", peer_CN, conn->host.dispname); - OPENSSL_free(peer_CN); - return CURLE_SSL_PEER_CERTIFICATE ; + res = CURLE_SSL_PEER_CERTIFICATE; } else infof(data, "\t common name: %s (does not match '%s')\n", 
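Review bot: In the lib/ssluse.c hunk at -1131, a subject-name mismatch with `verifyhost` at 1 or below only reaches `infof` and leaves `res` at the `CURLE_OK` assigned in the -1003 hunk, so the function reports success for a certificate whose name does not match the host. That looks intentional, but the new lines do not say so. I would add a comment on the declaration, e.g. `/* stays CURLE_OK unless a check below rejects the certificate */`, and one on the `else`, e.g. `/* verifyhost <= 1: mismatch is logged but tolerated */`. With a success default, any rejecting branch that forgets to set `res` fails open; verifyhost starts and ends outside both hunks, so the other branches cannot be checked from here.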
@@ -1140,10 +1140,11 @@ static CURLcode verifyhost(struct connectdata *conn, } else { infof(data, "\t common name: %s (matched)\n", peer_CN); - OPENSSL_free(peer_CN); } + if(peer_CN) + OPENSSL_free(peer_CN); } - return CURLE_OK; + return res; } #endif |
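Review bot: The single `OPENSSL_free(peer_CN)` before `return res;` closes the leak only if no path between the point where `peer_CN` is obtained and this cleanup still returns early. That part of verifyhost lies outside the hunk, so it is worth confirming that every remaining `return` there happens while `peer_CN` is still NULL. The `if(peer_CN)` guard implies the pointer can be NULL at this point; a short comment such as `/* single cleanup point; peer_CN is NULL if no name was extracted */` would record that. As a style point, bracing the guarded free would match the braced blocks around it.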