From 83bab78bdaeecc7fd5cae3c035d5239b0d38468f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 10 Jan 2005 09:48:39 +0000
Subject: Hzhijun reported a memory leak in the SSL certificate code, that
 leaked the remote certificate name when it didn't match the used host name.

---
 lib/ssluse.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/ssluse.c b/lib/ssluse.c
index fa2c64ec0..d7282d519 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1003,6 +1003,7 @@ static CURLcode verifyhost(struct connectdata *conn,
 #else
   struct in_addr addr;
 #endif
+  CURLcode res = CURLE_OK;
 
 #ifdef ENABLE_IPV6
   if(conn->bits.ipv6_ip &&
@@ -1131,8 +1132,7 @@ static CURLcode verifyhost(struct connectdata *conn,
       if(data->set.ssl.verifyhost > 1) {
         failf(data, "SSL: certificate subject name '%s' does not match "
               "target host name '%s'", peer_CN, conn->host.dispname);
-        OPENSSL_free(peer_CN);
-        return CURLE_SSL_PEER_CERTIFICATE ;
+        res = CURLE_SSL_PEER_CERTIFICATE;
       }
       else
         infof(data, "\t common name: %s (does not match '%s')\n",
@@ -1140,10 +1140,11 @@ static CURLcode verifyhost(struct connectdata *conn,
     }
     else {
       infof(data, "\t common name: %s (matched)\n", peer_CN);
-      OPENSSL_free(peer_CN);
     }
+    if(peer_CN)
+      OPENSSL_free(peer_CN);
   }
-  return CURLE_OK;
+  return res;
 }
 #endif
 
-- 
cgit v1.2.3