From d944920fd39f78d90995484e3721db5c350bd240 Mon Sep 17 00:00:00 2001
From: Rich Megginson
Date: Wed, 29 Jun 2011 10:47:10 -0600
Subject: [PATCH] ITS#6980 free the result of SSL_PeerCertificate

In tlsm_auth_cert_handler, we get the peer's cert from the socket using SSL_PeerCertificate. This value is allocated and/or cached. We must destroy it using CERT_DestroyCertificate.
---
 libraries/libldap/tls_m.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 224b571842..32af7ec7c0 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1030,10 +1030,12 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
 {
 SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
 SECStatus ret = SECSuccess;
+ CERTCertificate *peercert = SSL_PeerCertificate( fd );
- ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+ ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
 SSL_RevealPinArg( fd ), checksig, certUsage, 0 );
+ CERT_DestroyCertificate( peercert );
 return ret;
 }
--
2.39.5
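Review bot: `peercert` is handed to `tlsm_verify_cert` without a NULL check, although `SSL_PeerCertificate( fd )` returns NULL when the peer has presented no certificate. Because this is the certificate-authentication callback it should fail closed, for example `if ( peercert == NULL ) return SECFailure;` placed directly after the new declaration. Note that `ret` is initialised to `SECSuccess`, so a guard that only skipped the verify call would accept the connection instead of rejecting it. `tlsm_verify_cert` is defined outside this hunk and may already reject a NULL certificate, but the handler should not depend on that. The function's signature starts above the hunk; only its first line is visible in the `@@` header.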