ITS#6980 free the result of SSL_PeerCertificate
authorRich Megginson <rmeggins@redhat.com>
Wed, 29 Jun 2011 16:47:10 +0000 (10:47 -0600)
committerQuanah Gibson-Mount <quanah@openldap.org>
Tue, 6 Sep 2011 19:59:25 +0000 (12:59 -0700)
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.

libraries/libldap/tls_m.c

index 224b571842848ffff49f10dc60de43ebc823de21..32af7ec7c0a87d4613b9018d830fa8bfa90e0f4d 100644 (file)
@@ -1030,10 +1030,12 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
 {
        SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
        SECStatus ret = SECSuccess;
+       CERTCertificate *peercert = SSL_PeerCertificate( fd );
 
-       ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+       ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
                                                        SSL_RevealPinArg( fd ),
                                                        checksig, certUsage, 0 );
+       CERT_DestroyCertificate( peercert );
 
        return ret;
 }
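Review bot: The new `peercert` local is passed to tlsm_verify_cert and then to CERT_DestroyCertificate without a NULL check, although SSL_PeerCertificate returns NULL when the peer presented no certificate. CERT_DestroyCertificate tolerates NULL in NSS, but whether tlsm_verify_cert rejects a NULL certificate is not visible here, so the handler's fail-closed behaviour rests on a callee outside the hunk; making it explicit at the handler, `if ( !peercert ) return SECFailure;` right after the declaration on the `CERTCertificate *peercert` line, removes that dependency. With that guard in place the `SECStatus ret = SECSuccess;` initializer is never observed, since `ret` is assigned unconditionally on the following statement, and could be reduced to a plain declaration. The function's full parameter list is truncated in the hunk header.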