From 83bab78bdaeecc7fd5cae3c035d5239b0d38468f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jan 2005 09:48:39 +0000 Subject: [PATCH] Hzhijun reported a memory leak in the SSL certificate code, that leaked the remote certificate name when it didn't match the used host name. --- CHANGES | 4 ++++ RELEASE-NOTES | 4 +++- lib/ssluse.c | 9 +++++---- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 60bef5659..e9b187d3e 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,10 @@ Changelog +Daniel (10 January 2005) +- Hzhijun reported a memory leak in the SSL certificate code, that leaked the + remote certificate name when it didn't match the used host name. + Gisle (8 January 2005) - Added Makefile.Watcom files (src/lib). Updated Makefile.dist. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 5c219d5a1..c336b1927 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: + o SSL certificate name memory leak o -d with -G to multiple URLs crashed o double va_list access crash fixed o minor memory leak when "version" is set in a cookie header @@ -31,6 +32,7 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Dan Fandrich, Peter Pentchev, Marcin Konicki, Rune Kleveland, David Shaw, - Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt + Werner Koch, Gisle Vanem, Alex Neblett, Kai Sommerfeld, Marty Kuhrt, + Hzhijun Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/ssluse.c b/lib/ssluse.c index fa2c64ec0..d7282d519 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1003,6 +1003,7 @@ static CURLcode verifyhost(struct connectdata *conn, #else struct in_addr addr; #endif + CURLcode res = CURLE_OK; #ifdef ENABLE_IPV6 if(conn->bits.ipv6_ip && 
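Review bot: `CURLcode res = CURLE_OK;` makes success the default result of verifyhost(), so any path that reaches the final `return res` without assigning an error is reported as a verified host. Only the name-mismatch branch in the second hunk is shown setting it; the rest of the body is outside these hunks, so I cannot tell whether the other failure paths still return directly. A comment at the declaration would make the contract explicit for later edits, for example `/* result of the host check; stays CURLE_OK unless a check below fails */`.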
@@ -1131,8 +1132,7 @@ static CURLcode verifyhost(struct connectdata *conn, if(data->set.ssl.verifyhost > 1) { failf(data, "SSL: certificate subject name '%s' does not match " "target host name '%s'", peer_CN, conn->host.dispname); - OPENSSL_free(peer_CN); - return CURLE_SSL_PEER_CERTIFICATE ; + res = CURLE_SSL_PEER_CERTIFICATE; } else infof(data, "\t common name: %s (does not match '%s')\n", @@ -1140,10 +1140,11 @@ static CURLcode verifyhost(struct connectdata *conn, } else { infof(data, "\t common name: %s (matched)\n", peer_CN); - OPENSSL_free(peer_CN); } + if(peer_CN) + OPENSSL_free(peer_CN); } - return CURLE_OK; + return res; } #endif
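Review bot: `peer_CN` comes from the remote certificate and is formatted with `%s` in the `failf()` call this hunk keeps, so the message stops at the first NUL byte and passes through any control characters the certificate carries. The code that fills `peer_CN` and compares it with the host name is outside the hunk. If it also treats the value as a NUL-terminated string, the name that was checked and logged may be shorter than the name in the certificate. It would be worth confirming that the decoded length equals the C-string length of `peer_CN` before the comparison, and treating a difference as a mismatch.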
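Review bot: The single `OPENSSL_free(peer_CN)` added after the if/else chain only runs on paths that fall through to it, so any `return` left between the point where `peer_CN` is assigned and this cleanup would still leak the name. That part of verifyhost() is outside the hunk, so this needs checking against the full function. A short comment above the new lines would keep later edits from reintroducing an early return, for example `/* single cleanup point for peer_CN: do not return above this line once it is set */`.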