moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

Hzhijun reported a memory leak in the SSL certificate code, that leaked the 

remote certificate name when it didn't match the used host name.
This commit is contained in:
Daniel Stenberg 2005-01-10 09:48:39 +00:00
parent 894ec46ef4
commit 83bab78bda
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -7,6 +7,10 @@
Changelog
Daniel (10 January 2005)
- Hzhijun reported a memory leak in the SSL certificate code, that leaked the
remote certificate name when it didn't match the used host name.
Gisle (8 January 2005)
- Added Makefile.Watcom files (src/lib). Updated Makefile.dist.

4
RELEASE-NOTES
View File

@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes:
o SSL certificate name memory leak
o -d with -G to multiple URLs crashed
o double va_list access crash fixed
o minor memory leak when "version" is set in a cookie header
@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:
Dan Fandrich, Peter Pentchev, Marcin Konicki, Rune Kleveland, David Shaw,
Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt
Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt,
Hzhijun
Thanks! (and sorry if I forgot to mention someone)

9
lib/ssluse.c
View File

@ -1003,6 +1003,7 @@ static CURLcode verifyhost(struct connectdata *conn,
#else
struct in_addr addr;
#endif
CURLcode res = CURLE_OK;
#ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip &&
@ -1131,8 +1132,7 @@ static CURLcode verifyhost(struct connectdata *conn,
if(data->set.ssl.verifyhost > 1) {
failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname);
OPENSSL_free(peer_CN);
return CURLE_SSL_PEER_CERTIFICATE ;
res = CURLE_SSL_PEER_CERTIFICATE;
}
else
infof(data, "\t common name: %s (does not match '%s')\n",
@ -1140,10 +1140,11 @@ static CURLcode verifyhost(struct connectdata *conn,
}
else {
infof(data, "\t common name: %s (matched)\n", peer_CN);
OPENSSL_free(peer_CN);
}
if(peer_CN)
OPENSSL_free(peer_CN);
}
return CURLE_OK;
return res;
}
#endif