Gary Maxwell filed bug report #1856628

(http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
(small) memory leak in the SSL session ID caching code. It happened when a
previous entry in the cache was re-used.

CHANGES

@@ -6,6 +6,12 @@
 
                                   Changelog
 
+Daniel S (25 Dec 2007)
+- Gary Maxwell filed bug report #1856628
+  (http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
+  (small) memory leak in the SSL session ID caching code. It happened when a
+  previous entry in the cache was re-used.
+
 Daniel Fandrich (19 Dec 2007)
 - Ensure that nroff doesn't put anything but ASCII characters into the
   --manual text.

RELEASE-NOTES

@@ -38,6 +38,7 @@ This release includes the following bugfixes:
  o Expect: 100-continue flaw on re-used connection with POSTs
  o build fix for MSVC 9.0 (VS2008)
  o Windows curl builds failed file truncation when retry downloading
+ o SSL session ID cache memory leak
 
 This release includes the following known bugs:
 
@@ -58,6 +59,6 @@ advice from friends like these:
  Dan Fandrich, Gisle Vanem, Toby Peterson, Yang Tse, Daniel Black,
  Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
  Emil Romanus, Alessandro Vesely, Ray Pekowski, Spacen Jasset, Andrew Moise,
- Gilles Blanc, David Wright, Vikram Saxena, Mateusz Loskot
+ Gilles Blanc, David Wright, Vikram Saxena, Mateusz Loskot, Gary Maxwell
  
         Thanks! (and sorry if I forgot to mention someone)

lib/sslgen.c

@@ -384,6 +384,9 @@ CURLcode Curl_ssl_addsessionid(struct connectdata *conn,
   store->sessionid = ssl_sessionid;
   store->idsize = idsize;
   store->age = data->state.sessionage;    /* set current age */
+  if (store->name)
+    /* free it if there's one already present */
+    free(store->name)
   store->name = clone_host;               /* clone host name */
   store->remote_port = conn->remote_port; /* port number */