From: jca Date: Mon, 19 May 2014 20:09:22 +0000 (+0000) Subject: X509_free() the certificate if the server hostname check fails. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=2c3086fbb521ca47de049cea87fe3bdf36cb3e1b;p=openbsd X509_free() the certificate if the server hostname check fails. No functional change. Reported by Mike Small and Maxime Villard. --- diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index 8083a8a15a0..3579b27b47a 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.120 2014/05/19 20:05:09 jca Exp $ */ +/* $OpenBSD: fetch.c,v 1.121 2014/05/19 20:09:22 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -856,6 +856,7 @@ again: } if (ssl_check_hostname(cert, host) != 0) { + X509_free(cert); fprintf(ttyout, "%s: host `%s' not present in" " server certificate\n", getprogname(), host);