Hzhijun reported a memory leak in the SSL certificate code, that leaked the

remote certificate name when it didn't match the used host name.
author: Daniel Stenberg <daniel@haxx.se> 2005-01-10 09:48:39 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2005-01-10 09:48:39 +0000
commit: 83bab78bdaeecc7fd5cae3c035d5239b0d38468f (patch)
tree: 1358f58d3d202c7cd4d5d6970a7df72f0160eaec /lib
parent: 894ec46ef4e504e73e023740b67d151e782c9bce (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index fa2c64ec0..d7282d519 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1003,6 +1003,7 @@ static CURLcode verifyhost(struct connectdata *conn,
 #else
   struct in_addr addr;
 #endif
+  CURLcode res = CURLE_OK;
 
 #ifdef ENABLE_IPV6
   if(conn->bits.ipv6_ip &&
@@ -1131,8 +1132,7 @@ static CURLcode verifyhost(struct connectdata *conn,
       if(data->set.ssl.verifyhost > 1) {
         failf(data, "SSL: certificate subject name '%s' does not match "
               "target host name '%s'", peer_CN, conn->host.dispname);
-        OPENSSL_free(peer_CN);
-        return CURLE_SSL_PEER_CERTIFICATE ;
+        res = CURLE_SSL_PEER_CERTIFICATE;
       }
       else
         infof(data, "\t common name: %s (does not match '%s')\n",
@@ -1140,10 +1140,11 @@ static CURLcode verifyhost(struct connectdata *conn,
     }
     else {
       infof(data, "\t common name: %s (matched)\n", peer_CN);
-      OPENSSL_free(peer_CN);
     }
+    if(peer_CN)
+      OPENSSL_free(peer_CN);
   }
-  return CURLE_OK;
+  return res;
 }
 #endif
author	Daniel Stenberg <daniel@haxx.se>	2005-01-10 09:48:39 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2005-01-10 09:48:39 +0000
commit	83bab78bdaeecc7fd5cae3c035d5239b0d38468f (patch)
tree	1358f58d3d202c7cd4d5d6970a7df72f0160eaec /lib
parent	894ec46ef4e504e73e023740b67d151e782c9bce (diff)