diff options
author | Daniel Stenberg <daniel@haxx.se> | 2023-01-02 16:42:55 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2023-01-03 09:02:15 +0100 |
commit | 4fc7737742260025e346e4bfc99bc5fdd9096db4 (patch) | |
tree | b5e23fcb2244956b5d96e52340eb40face7bb3f1 | |
parent | e6002e9012b4d153def9db42736a28e997a38c1d (diff) | |
download | curl-4fc7737742260025e346e4bfc99bc5fdd9096db4.tar.gz |
Revert "x509asn1: avoid freeing unallocated pointers"
This reverts commit 6b19247e794cfdf4ec63c5880d8f4f5485f653ab.
Fixes #10163
Closes #10207
-rw-r--r-- | lib/vtls/x509asn1.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c index 4c1c9a8b7..4ee822952 100644 --- a/lib/vtls/x509asn1.c +++ b/lib/vtls/x509asn1.c @@ -1348,15 +1348,14 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf, break; switch(name.tag) { case 2: /* DNS name. */ - matched = 0; len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING, name.beg, name.end); - if(len > 0) { - if(size_t)len == strlen(dnsname) - matched = Curl_cert_hostcheck(dnsname, (size_t)len, - connssl->hostname, hostlen); - free(dnsname); - } + if(len > 0 && (size_t)len == strlen(dnsname)) + matched = Curl_cert_hostcheck(dnsname, (size_t)len, + connssl->hostname, hostlen); + else + matched = 0; + free(dnsname); break; case 7: /* IP address. */ @@ -1406,8 +1405,10 @@ CURLcode Curl_verifyhost(struct Curl_cfilter *cf, failf(data, "SSL: unable to obtain common name from peer certificate"); else { len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end); - if(len < 0) + if(len < 0) { + free(dnsname); return CURLE_OUT_OF_MEMORY; + } if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */ failf(data, "SSL: illegal cert name field"); else if(Curl_cert_hostcheck((const char *) dnsname, |