authorDaniel Stenberg <daniel@haxx.se>2023-01-02 16:42:55 +0100
committerDaniel Stenberg <daniel@haxx.se>2023-01-03 09:02:15 +0100
commit4fc7737742260025e346e4bfc99bc5fdd9096db4 (patch)
treeb5e23fcb2244956b5d96e52340eb40face7bb3f1
parente6002e9012b4d153def9db42736a28e997a38c1d (diff)
downloadcurl-4fc7737742260025e346e4bfc99bc5fdd9096db4.tar.gz
Revert "x509asn1: avoid freeing unallocated pointers"
This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab. Fixes #10163 Closes #10207
-rw-r--r--lib/vtls/x509asn1.c17
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c
index 4c1c9a8b7..4ee822952 100644
--- a/lib/vtls/x509asn1.c
+++ b/lib/vtls/x509asn1.c
@@ -1348,15 +1348,14 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
break;
switch(name.tag) {
case 2: /* DNS name. */
- matched = 0;
len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING,
name.beg, name.end);
- if(len > 0) {
- if(size_t)len == strlen(dnsname)
- matched = Curl_cert_hostcheck(dnsname, (size_t)len,
- connssl->hostname, hostlen);
- free(dnsname);
- }
+ if(len > 0 && (size_t)len == strlen(dnsname))
+ matched = Curl_cert_hostcheck(dnsname, (size_t)len,
+ connssl->hostname, hostlen);
+ else
+ matched = 0;
+ free(dnsname);
break;
case 7: /* IP address. */
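Review bot: The now-unconditional `free(dnsname);` in the DNS-name case is only safe if utf8asn1str() always stores NULL or a valid allocation through its first argument, including when it returns a negative length. That contract is not visible in this hunk, and the `free(dnsname);` added before `return CURLE_OUT_OF_MEMORY;` in the second hunk relies on it too. Since this code parses attacker-supplied certificate data, a stale or uninitialised pointer on that path would turn a malformed subjectAltName into an invalid free. Either set `dnsname = NULL;` before each call, or, once the callee's behaviour is confirmed, document it with a comment such as `/* utf8asn1str() leaves dnsname NULL on failure, so free() is safe for any len */`. The enclosing switch and Curl_verifyhost start and end outside the hunk.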
@@ -1406,8 +1405,10 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf,
failf(data, "SSL: unable to obtain common name from peer certificate");
else {
len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end);
- if(len < 0)
+ if(len < 0) {
+ free(dnsname);
return CURLE_OUT_OF_MEMORY;
+ }
if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */
failf(data, "SSL: illegal cert name field");
else if(Curl_cert_hostcheck((const char *) dnsname,
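Review bot: The `if(len < 0)` branch reports every negative return from utf8asn1str() as `CURLE_OUT_OF_MEMORY`, although the failure may not be an allocation failure. If that function also returns a negative value for a malformed or unsupported string encoding (not visible here), a peer certificate with a bad common name would be logged as a local memory failure rather than a verification failure, which misleads anyone triaging TLS errors. In that case distinguish the two causes, or add a `failf(data, ...)` call and return `CURLE_PEER_FAILED_VERIFICATION` for the decode error. A short comment above the `strlen(dnsname) != (size_t) len` test, for example `/* reject names with an embedded NUL so "good.example\0.evil" cannot match */`, would also record why that check must stay. The else-branch continues past the end of the hunk.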