From: Rich Megginson Date: Wed, 29 Jun 2011 16:47:10 +0000 (-0600) Subject: ITS#6980 free the result of SSL_PeerCertificate X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=d944920fd39f78d90995484e3721db5c350bd240;p=openldap ITS#6980 free the result of SSL_PeerCertificate In tlsm_auth_cert_handler, we get the peer's cert from the socket using SSL_PeerCertificate. This value is allocated and/or cached. We must destroy it using CERT_DestroyCertificate. --- diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c index 224b571842..32af7ec7c0 100644 --- a/libraries/libldap/tls_m.c +++ b/libraries/libldap/tls_m.c @@ -1030,10 +1030,12 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd, { SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer; SECStatus ret = SECSuccess; + CERTCertificate *peercert = SSL_PeerCertificate( fd ); - ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ), + ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert, SSL_RevealPinArg( fd ), checksig, certUsage, 0 ); + CERT_DestroyCertificate( peercert ); return ret; }