Don't leak gnutls certs on preauth validation failure.

author Brendan Cully <brendan@kublai.com>

Thu, 28 May 2009 05:52:04 +0000 (22:52 -0700)

committer Brendan Cully <brendan@kublai.com>

Thu, 28 May 2009 05:52:04 +0000 (22:52 -0700)
author Brendan Cully <brendan@kublai.com>
Thu, 28 May 2009 05:52:04 +0000 (22:52 -0700)
committer Brendan Cully <brendan@kublai.com>
Thu, 28 May 2009 05:52:04 +0000 (22:52 -0700)
diff --git a/mutt_ssl_gnutls.c b/mutt_ssl_gnutls.c

index a51e6b0587773c5a268a8beb058fd6da53c426ea..e840694e59f01d23d12e554471780d2543f17cb6 100644 (file)
--- a/mutt_ssl_gnutls.c
+++ b/mutt_ssl_gnutls.c
@@ -634,6 +634,8 @@ static int tls_check_preauth (const gnutls_datum_t *certdata,
      certstat ^= GNUTLS_CERT_SIGNER_NOT_CA;
    }
  
+  gnutls_x509_crt_deinit (cert);
+
    /* OK if signed by (or is) a trusted certificate */
    /* we've been zeroing the interesting bits in certstat -
     don't return OK if there are any unhandled bits we don't
@@ -641,10 +643,7 @@ static int tls_check_preauth (const gnutls_datum_t *certdata,
    if (!(*certerr & (CERTERR_EXPIRED | CERTERR_NOTYETVALID
                      | CERTERR_HOSTNAME | CERTERR_NOTTRUSTED))
        && certstat == 0)
-  {
-    gnutls_x509_crt_deinit (cert);
      return 0;
-  }
  
    return -1;
  }
author	Brendan Cully <brendan@kublai.com>
	Thu, 28 May 2009 05:52:04 +0000 (22:52 -0700)
committer	Brendan Cully <brendan@kublai.com>
	Thu, 28 May 2009 05:52:04 +0000 (22:52 -0700)