[prev in list] [next in list] [prev in thread] [next in thread]
List: squid-cvs
Subject: /bzr/squid3/trunk/ r12761: Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
From: Christos Tsantilas <chtsanti () users ! sourceforge ! net>
Date: 2013-04-17 8:14:56
Message-ID: 20130417082005.6283.qmail () squid-cache ! org
[Download RAW message or body]
--===============1188610898==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
------------------------------------------------------------
revno: 12761
fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3817
committer: Christos Tsantilas <chtsanti@users.sourceforge.net>
branch nick: trunk
timestamp: Wed 2013-04-17 11:14:56 +0300
message:
Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
Inside function Ssl::matchX509CommonNames which checks a domain name against
certificate common name and alternate names, if the domain matches any of the
alternate names the function return without releasing allocated data.
modified:
src/ssl/support.cc
--===============1188610898==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; name="r12761.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
=== modified file 'src/ssl/support.cc'
--- a/src/ssl/support.cc 2013-01-30 15:39:37 +0000
+++ b/src/ssl/support.cc 2013-04-17 08:14:56 +0000
@@ -191,8 +191,10 @@
}
ASN1_STRING *cn_data = check->d.dNSName;
- if ( (*check_func)(check_data, cn_data) == 0)
+ if ( (*check_func)(check_data, cn_data) == 0) {
+ sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
return 1;
+ }
}
sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
}
--===============1188610898==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic