From: Kevin McCarthy Date: Sun, 12 Feb 2017 20:24:51 +0000 (-0800) Subject: Fix potential cert memory leak in check_certificate_by_digest(). X-Git-Tag: neomutt-20170225~13^2~2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=67dd5616b41caa54f7bacb02b270fc80286f8d47;p=neomutt Fix potential cert memory leak in check_certificate_by_digest(). Thanks to Matthias Andree's debugging, it appears the cert is not freed when PEM_read_X509() encounters EOF. Change the return value check to not overwrite cert. It is already updated via the second parameter. --- diff --git a/mutt_ssl.c b/mutt_ssl.c index 3d310b2b0..fbda79970 100644 --- a/mutt_ssl.c +++ b/mutt_ssl.c @@ -776,7 +776,7 @@ static int check_certificate_by_digest (X509 *peercert) return 0; } - while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL) + while (PEM_read_X509 (fp, &cert, NULL, NULL) != NULL) { pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;
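Review bot: In the `while (PEM_read_X509 (fp, &cert, NULL, NULL) != NULL)` condition, the reason for discarding the return value is not documented, and the cleanup this fix depends on is outside the hunk. With the return value no longer assigned, `cert` still points at the last certificate object when the read hits EOF, so the leak is only closed if `cert` is initialised to NULL before the first iteration and there is an `X509_free (cert)` on every exit path after the loop, including an early exit once `pass` is set. Neither the declaration nor the post-loop code appears in the context lines shown, so please confirm both. I would also add a one-line comment above the `while` saying that `cert` is updated through the second parameter and that the return value is deliberately not assigned, so a later cleanup does not restore the `cert = PEM_read_X509 (...)` form and bring the leak back.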