From 04c18fa04b3273128a9d96fff37ec4d70c42446f Mon Sep 17 00:00:00 2001 From: Cedric Izoard Date: Tue, 14 Jun 2016 12:49:00 +0000 Subject: [PATCH] curl: Don't free memory for subjectAltName before calling callback Freeing memory for subjectAltName in parse_cert(), will give cert_cb pointers to freed memory zone that may already been overwritten. Memory for subjectAltName is released in parse_cert_free(). Signed-off-by: Cedric Izoard --- src/utils/http_curl.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c index d59439896..a06aae8d9 100644 --- a/src/utils/http_curl.c +++ b/src/utils/http_curl.c @@ -857,10 +857,8 @@ static void parse_cert(struct http_ctx *ctx, struct http_cert *hcert, os_memset(hcert, 0, sizeof(*hcert)); *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); - if (*names) { + if (*names) add_alt_names(ctx, hcert, *names); - sk_GENERAL_NAME_pop_free(*names, GENERAL_NAME_free); - } add_logotype_ext(ctx, hcert, cert); }