shithub: opusfile

Download patch

ref: 24cae65e2e34728d0d46e00b40b1d3fae637a256
parent: 3bc748078a135fc3b31a611c4074f1f416c3e758
author: Timothy B. Terriberry <[email protected]>
date: Sun Oct 28 00:37:40 EDT 2012

Fix potential memory leaks added in 3bc74807.

--- a/src/http.c
+++ b/src/http.c
@@ -1586,10 +1586,12 @@
        be tried as a rooted name first."
       That doesn't give us any security guarantees, of course (a subverted DNS
        could fail the original query and our resolver might still retry with a
-       local domain appended).*/
-    if(ip==NULL&&strchr(host,'.')==NULL)return 0;
+       local domain appended).
+      If we don't have a FQDN, just set the number of names to 0, so we'll fail
+       and clean up any resources we allocated.*/
+    if(ip==NULL&&strchr(host,'.')==NULL)nsan_names=0;
     /*RFC 2459 says there MUST be at least one, but we don't depend on it.*/
-    nsan_names=sk_GENERAL_NAME_num(san_names);
+    else nsan_names=sk_GENERAL_NAME_num(san_names);
     for(sni=0;sni<nsan_names;sni++){
       const GENERAL_NAME *name;
       name=sk_GENERAL_NAME_value(san_names,sni);
@@ -1625,13 +1627,12 @@
     sk_GENERAL_NAME_pop_free(san_names,GENERAL_NAME_free);
     if(addr!=NULL)freeaddrinfo(addr);
   }
-  else{
+  /*Do the same FQDN check we did above.
+    We don't do this once in advance for both cases, because in the
+     subjectAltName case we might have an IPv6 address without a dot.*/
+  else if(strchr(host,'.')!=NULL){
     int last_cn_loc;
     int cn_loc;
-    /*Do the same FQDN check we did above.
-      We don't do this once in advance for both cases, because in the
-       subjectAltName case we might have an IPv6 address without a dot.*/
-    if(strchr(host,'.')==NULL)return 0;
     /*If there is no subjectAltName, match against commonName.
       RFC 6125 says that at least one significant CA is known to issue certs
        with multiple CNs, although it SHOULD NOT.