From 2c3086fbb521ca47de049cea87fe3bdf36cb3e1b Mon Sep 17 00:00:00 2001 From: jca Date: Mon, 19 May 2014 20:09:22 +0000 Subject: [PATCH] X509_free() the certificate if the server hostname check fails. No functional change. Reported by Mike Small and Maxime Villard. --- usr.bin/ftp/fetch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c index 8083a8a15a0..3579b27b47a 100644 --- a/usr.bin/ftp/fetch.c +++ b/usr.bin/ftp/fetch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fetch.c,v 1.120 2014/05/19 20:05:09 jca Exp $ */ +/* $OpenBSD: fetch.c,v 1.121 2014/05/19 20:09:22 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- @@ -856,6 +856,7 @@ again: } if (ssl_check_hostname(cert, host) != 0) { + X509_free(cert); fprintf(ttyout, "%s: host `%s' not present in" " server certificate\n", getprogname(), host); -- 2.20.1