generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CT code now calls X509_free() after calling SSL_get_peer_certificate()

Browse Source 
Without this, the peer certificate would never be deleted, resulting in
a memory leak.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Rob Percival 2016-03-07 17:23:39 +00:00 committed by Rich Salz
parent 147e54a77e
commit 1cb437bedb
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/ssl_lib.c
View File

@ -3941,6 +3941,7 @@ static int ct_extract_x509v3_extension_scts(SSL *s)
ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
SCT_LIST_free(scts); SCT_LIST_free(scts);
X509_free(cert);
} }
return scts_extracted; return scts_extracted;
@ -4071,6 +4072,7 @@ int SSL_validate_ct(SSL *s)
end: end:
CT_POLICY_EVAL_CTX_free(ctx); CT_POLICY_EVAL_CTX_free(ctx);
X509_free(cert);
return ret; return ret;
} }