aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES4
-rw-r--r--RELEASE-NOTES4
-rw-r--r--lib/ssluse.c9
3 files changed, 12 insertions, 5 deletions
diff --git a/CHANGES b/CHANGES
index 60bef5659..e9b187d3e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
Changelog
+Daniel (10 January 2005)
+- Hzhijun reported a memory leak in the SSL certificate code, that leaked the
+ remote certificate name when it didn't match the used host name.
+
Gisle (8 January 2005)
- Added Makefile.Watcom files (src/lib). Updated Makefile.dist.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 5c219d5a1..c336b1927 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o SSL certificate name memory leak
o -d with -G to multiple URLs crashed
o double va_list access crash fixed
o minor memory leak when "version" is set in a cookie header
@@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:
Dan Fandrich, Peter Pentchev, Marcin Konicki, Rune Kleveland, David Shaw,
- Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt
+ Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt,
+ Hzhijun
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/ssluse.c b/lib/ssluse.c
index fa2c64ec0..d7282d519 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1003,6 +1003,7 @@ static CURLcode verifyhost(struct connectdata *conn,
#else
struct in_addr addr;
#endif
+ CURLcode res = CURLE_OK;
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip &&
@@ -1131,8 +1132,7 @@ static CURLcode verifyhost(struct connectdata *conn,
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);
- OPENSSL_free(peer_CN);
- return CURLE_SSL_PEER_CERTIFICATE ;
+ res = CURLE_SSL_PEER_CERTIFICATE;
}
else
infof(data, "\t common name: %s (does not match '%s')\n",
@@ -1140,10 +1140,11 @@ static CURLcode verifyhost(struct connectdata *conn,
}
else {
infof(data, "\t common name: %s (matched)\n", peer_CN);
- OPENSSL_free(peer_CN);
}
+ if(peer_CN)
+ OPENSSL_free(peer_CN);
}
- return CURLE_OK;
+ return res;
}
#endif