From fc1d1ea93472985c12a4e3ae892a416de00d032e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 24 Dec 2007 23:45:48 +0000
Subject: [PATCH] Gary Maxwell filed bug report #1856628
 (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
 (small) memory leak in the SSL session ID caching code. It happened when a
 previous entry in the cache was re-used.

---
 CHANGES       | 6 ++++++
 RELEASE-NOTES | 3 ++-
 lib/sslgen.c  | 3 +++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 5ec5dd0ec..34a8fc251 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
 
                                   Changelog
 
+Daniel S (25 Dec 2007)
+- Gary Maxwell filed bug report #1856628
+  (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
+  (small) memory leak in the SSL session ID caching code. It happened when a
+  previous entry in the cache was re-used.
+
 Daniel Fandrich (19 Dec 2007)
 - Ensure that nroff doesn't put anything but ASCII characters into the
   --manual text.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 12b690469..7ebe7de2c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -38,6 +38,7 @@ This release includes the following bugfixes:
  o Expect: 100-continue flaw on re-used connection with POSTs
  o build fix for MSVC 9.0 (VS2008)
  o Windows curl builds failed file truncation when retry downloading
+ o SSL session ID cache memory leak
 
 This release includes the following known bugs:
 
@@ -58,6 +59,6 @@ advice from friends like these:
  Dan Fandrich, Gisle Vanem, Toby Peterson, Yang Tse, Daniel Black,
  Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
  Emil Romanus, Alessandro Vesely, Ray Pekowski, Spacen Jasset, Andrew Moise,
- Gilles Blanc, David Wright, Vikram Saxena, Mateusz Loskot
+ Gilles Blanc, David Wright, Vikram Saxena, Mateusz Loskot, Gary Maxwell
  
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/sslgen.c b/lib/sslgen.c
index c3d4ee401..2d61960cb 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -384,6 +384,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
   store->sessionid = ssl_sessionid;
   store->idsize = idsize;
   store->age = data->state.sessionage;    /* set current age */
+  if (store->name)
+    /* free it if there's one already present */
+    free(store->name)
   store->name = clone_host;               /* clone host name */
   store->remote_port = conn->remote_port; /* port number */