aboutsummaryrefslogtreecommitdiffstats
path: root/src/utils
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2016-02-15 22:40:41 (GMT)
committerJouni Malinen <j@w1.fi>2016-02-15 22:40:41 (GMT)
commitd9a0f69747fbf00d3b8737f563b9f929bb952634 (patch)
treeb2a48444924b81a73e7c0161bb600311297c538d /src/utils
parent29bc76e3d3252dfc311d1ffaa15be66abd8509ee (diff)
downloadhostap-d9a0f69747fbf00d3b8737f563b9f929bb952634.zip
hostap-d9a0f69747fbf00d3b8737f563b9f929bb952634.tar.gz
hostap-d9a0f69747fbf00d3b8737f563b9f929bb952634.tar.bz2
OpenSSL: Fix memory leak in OCSP parsing
The result from OCSP_cert_to_id() needs to be freed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/utils')
-rw-r--r--src/utils/http_curl.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index 9be0111..d594398 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -1216,6 +1216,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
wpa_printf(MSG_INFO, "OpenSSL: Could not find current server certificate from OCSP response%s",
(ctx->ocsp == MANDATORY_OCSP) ? "" :
" (OCSP not required)");
+ OCSP_CERTID_free(id);
OCSP_BASICRESP_free(basic);
OCSP_RESPONSE_free(rsp);
if (ctx->ocsp == MANDATORY_OCSP)
@@ -1223,6 +1224,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
ctx->last_err = "Could not find current server certificate from OCSP response";
return (ctx->ocsp == MANDATORY_OCSP) ? 0 : 1;
}
+ OCSP_CERTID_free(id);
if (!OCSP_check_validity(this_update, next_update, 5 * 60, -1)) {
tls_show_errors(__func__, "OpenSSL: OCSP status times invalid");