authorFelix Fietkau <nbd@openwrt.org>2014-04-03 16:57:38 +0200
committerFelix Fietkau <nbd@openwrt.org>2014-04-03 16:57:38 +0200
commit33853d63aa9d308fc7b0dee1ddbd312bc99e4bed (patch)
tree5cc56838dba5cc7a0b33e41d8efd2cc772bfb000
parent67aeda4a4207f6ae0bc2efad93f25fd4bc74acb6 (diff)
openssl: fix subjectAltNames leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
-rw-r--r--ustream-openssl.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 787cc38..3abc6e2 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -160,6 +160,7 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
{
GENERAL_NAMES *alt_names;
int i, n_alt;
+ bool ret = false;
alt_names = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
if (!alt_names)
@@ -175,11 +176,14 @@ static bool ustream_ssl_verify_cn_alt(struct ustream_ssl *us, X509 *cert)
if (name->type != GEN_DNS)
continue;
- if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn))
- return true;
+ if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn)) {
+ ret = true;
+ break;
+ }
}
- return false;
+ sk_GENERAL_NAME_free(alt_names);
+ return ret;
}
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
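Review bot: `sk_GENERAL_NAME_free(alt_names);` ahead of `return ret;` releases only the stack container, so the GENERAL_NAME entries decoded by X509_get_ext_d2i() still leak on every call that finds a subjectAltName extension. The caller owns both the stack and its elements, so the free should be `sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);` (or equivalently `GENERAL_NAMES_free(alt_names);`). Because this runs while verifying a peer certificate, the remaining leak grows with the number of SAN entries the peer presents, which matters for a long-running process handling many handshakes. The loop header and the early return on `!alt_names` sit outside the visible hunks, so this assumes no other exit path bypasses the free.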