diff mbox

[1/3] curl: Don't free memory for subjectAltName before calling callback

Message ID 5842EA9CC042B141995329508713AD672F8A60B1@ILMAIL1.corp.local
State Accepted
Headers show

Commit Message

Cedric Izoard June 14, 2016, 12:49 p.m. UTC 
Freeing memory for subjectAltName in parse_cert, will give cert_cb 
pointers to freed memory zone that may already been overwritten.
Memory for subjectAltName is released in parse_cert_free

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
---
 src/utils/http_curl.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Jouni Malinen June 19, 2016, 10 p.m. UTC | #1 
On Tue, Jun 14, 2016 at 12:49:00PM +0000, Cedric Izoard wrote:
> Freeing memory for subjectAltName in parse_cert, will give cert_cb 
> pointers to freed memory zone that may already been overwritten.
> Memory for subjectAltName is released in parse_cert_free

Thanks, applied.
diff mbox

Patch

diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index d594398..eb41a96 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -859,7 +859,6 @@  static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert,
 	*names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
 	if (*names) {
 		add_alt_names(ctx, hcert, *names);
-		sk_GENERAL_NAME_pop_free(*names, GENERAL_NAME_free);
 	}
 
 	add_logotype_ext(ctx, hcert, cert);