projects / project / ustream-ssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 67aeda4)
openssl: fix subjectAltNames leak
authorFelix Fietkau <[email protected]>
Thu, 3 Apr 2014 14:57:38 +0000 (16:57 +0200)
committerFelix Fietkau <[email protected]>
Thu, 3 Apr 2014 14:57:38 +0000 (16:57 +0200)
Signed-off-by: Felix Fietkau <[email protected]>
ustream-openssl.c patch | blob | history

diff --git a/ustream-openssl.c b/ustream-openssl.c
index 787cc383a818644b9ce5624aa4a2c26bf05efc11..3abc6e20f0d4abca2d8dabb39738c4016f5432eb 100644 (file)
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -160,6 +160,7 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
 {
        GENERAL_NAMES *alt_names;
        int i, n_alt;
+       bool ret = false;
 
        alt_names = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
        if (!alt_names)
@@ -175,11 +176,14 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
                if (name->type != GEN_DNS)
                        continue;
 
-               if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn))
-                       return true;
+               if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn)) {
+                       ret = true;
+                       break;
+               }
        }
 
-       return false;
+       sk_GENERAL_NAME_free(alt_names);
+       return ret;
 }
 
 static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
ustream SSL wrapper