diff options
| author |   jca <jca@openbsd.org> | 2014-05-19 20:09:22 +0000 |
|---|---|---|
| committer | jca <jca@openbsd.org> | 2014-05-19 20:09:22 +0000 |
| commit | 2c3086fbb521ca47de049cea87fe3bdf36cb3e1b (patch) | |
| tree | 43e82153e7f76e7e8ed229b9b47b41f3e7679d20 | |
| parent | Fix several bounds checks in ssl_add_clienthello_tlsext() and (diff) | |
| download | wireguard-openbsd-2c3086fbb521ca47de049cea87fe3bdf36cb3e1b.tar.xz wireguard-openbsd-2c3086fbb521ca47de049cea87fe3bdf36cb3e1b.zip | |
X509_free() the certificate if the server hostname check fails.
No functional change. Reported by Mike Small and Maxime Villard.
| -rw-r--r-- | usr.bin/ftp/fetch.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index 8083a8a15a0..3579b27b47a 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.120 2014/05/19 20:05:09 jca Exp $ */ +/* $OpenBSD: fetch.c,v 1.121 2014/05/19 20:09:22 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -856,6 +856,7 @@ again: } if (ssl_check_hostname(cert, host) != 0) { + X509_free(cert); fprintf(ttyout, "%s: host `%s' not present in" " server certificate\n", getprogname(), host); |