From 4e817240093c4fbd69c8c97b69bb5c62368cad19 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Wed, 29 Jun 2011 10:47:10 -0600
Subject: [PATCH] ITS#6980 free the result of SSL_PeerCertificate

In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.
---
 libraries/libldap/tls_m.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
index 224b571842..32af7ec7c0 100644
--- a/libraries/libldap/tls_m.c
+++ b/libraries/libldap/tls_m.c
@@ -1030,10 +1030,12 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
 {
 	SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
 	SECStatus ret = SECSuccess;
+	CERTCertificate *peercert = SSL_PeerCertificate( fd );
 
-	ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+	ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
 							SSL_RevealPinArg( fd ),
 							checksig, certUsage, 0 );
+	CERT_DestroyCertificate( peercert );
 
 	return ret;
 }
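Review bot: `peercert` is passed to tlsm_verify_cert without a NULL check, although SSL_PeerCertificate returns NULL when no peer certificate is available on the socket. How tlsm_verify_cert treats a NULL certificate is not visible in this hunk, so the result of the authentication callback in that case rests on code outside the hunk. Failing closed right after the declaration would make the outcome explicit: `if ( !peercert ) return SECFailure;`. A short comment on the declaration, such as `/* SSL_PeerCertificate returns a reference that must be released with CERT_DestroyCertificate */`, would also record why the destroy call is needed. The function's parameter list begins outside the hunk.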
-- 
GitLab