openssl: fix subjectAltNames leak
authorFelix Fietkau <nbd@openwrt.org>
Thu, 3 Apr 2014 14:57:38 +0000 (16:57 +0200)
committerFelix Fietkau <nbd@openwrt.org>
Thu, 3 Apr 2014 14:57:38 +0000 (16:57 +0200)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
ustream-openssl.c

index 787cc383a818644b9ce5624aa4a2c26bf05efc11..3abc6e20f0d4abca2d8dabb39738c4016f5432eb 100644 (file)
@@ -160,6 +160,7 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
 {
        GENERAL_NAMES *alt_names;
        int i, n_alt;
+       bool ret = false;
 
        alt_names = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
        if (!alt_names)
@@ -175,11 +176,14 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
                if (name->type != GEN_DNS)
                        continue;
 
-               if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn))
-                       return true;
+               if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn)) {
+                       ret = true;
+                       break;
+               }
        }
 
-       return false;
+       sk_GENERAL_NAME_free(alt_names);
+       return ret;
 }
 
 static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)