From c14dd495f8242871782f7a8ec9da246a8f92e708 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy
Date: Sun, 12 Feb 2017 12:24:51 -0800
Subject: [PATCH] Fix potential cert memory leak in check_certificate_by_digest().

Thanks to Matthias Andree's debugging, it appears the cert is not freed when PEM_read_X509() encounters EOF. Change the return value check to not overwrite cert. It is already updated via the second parameter.
---
 mutt_ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mutt_ssl.c b/mutt_ssl.c
index c63cda5d..a1fa1a3a 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -763,7 +763,7 @@ static int check_certificate_by_digest (X509 *peercert)
 return 0;
 }
- while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL)
+ while (PEM_read_X509 (fp, &cert, NULL, NULL) != NULL)
 {
 pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;
-- 
2.40.0
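Review bot: The new loop condition relies on PEM_read_X509() reusing the existing `cert` object through its second argument on every pass, which OpenSSL's PEM documentation lists as unreliable in some library versions. Because this loop decides whether the peer certificate matches a saved one, reading into a fresh object each time is the more predictable form: `while ((cert = PEM_read_X509 (fp, NULL, NULL, NULL)) != NULL)` with `X509_free (cert);` at the end of each iteration. The loop body and the cleanup after it lie outside the hunk, so the placement of that free has to be checked against any X509_free() that follows the loop, to avoid a double free. If the reuse is kept, a short comment such as `/* cert is reused by PEM_read_X509 via &cert; do not assign the return value */` would record why the result is only compared against NULL.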