From: Rich Megginson
Date: Wed, 29 Jun 2011 16:47:10 +0000 (-0600)
Subject: ITS#6980 free the result of SSL_PeerCertificate
X-Git-Tag: OPENLDAP_REL_ENG_2_4_27~328
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4e817240093c4fbd69c8c97b69bb5c62368cad19;p=openldap

ITS#6980 free the result of SSL_PeerCertificate

In tlsm_auth_cert_handler, we get the peer's cert from the socket using SSL_PeerCertificate. This value is allocated and/or cached. We must destroy it using CERT_DestroyCertificate.
---
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 224b571842..32af7ec7c0 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1030,10 +1030,12 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
 {
 SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
 SECStatus ret = SECSuccess;
+ CERTCertificate *peercert = SSL_PeerCertificate( fd );
- ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
 SSL_RevealPinArg( fd ), checksig, certUsage, 0 );
+ CERT_DestroyCertificate( peercert );
 return ret;
 }