diff options
| author | Rob Percival <robpercival@google.com> | 2016-03-07 18:23:39 +0100 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2016-03-07 20:44:04 +0100 |
| commit | 1cb437bedb06b7d6518792a2f8e62041b6e6c88b (patch) | |
| tree | 7402776a7a97077a41406d8f1a8a683a6a59ead6 | |
| parent | Fixes memory leaks in CT code (diff) | |
| download | openssl-1cb437bedb06b7d6518792a2f8e62041b6e6c88b.tar.xz openssl-1cb437bedb06b7d6518792a2f8e62041b6e6c88b.zip | |
CT code now calls X509_free() after calling SSL_get_peer_certificate()
Without this, the peer certificate would never be deleted, resulting in
a memory leak.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
| -rw-r--r-- | ssl/ssl_lib.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 40c4171dec..65558e0174 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3941,6 +3941,7 @@ static int ct_extract_x509v3_extension_scts(SSL *s) ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); SCT_LIST_free(scts); + X509_free(cert); } return scts_extracted; @@ -4071,6 +4072,7 @@ int SSL_validate_ct(SSL *s) end: CT_POLICY_EVAL_CTX_free(ctx); + X509_free(cert); return ret; } |