------------------------------------------------------------ revno: 11807 revision-id: squid3@treenet.co.nz-20130426041024-gsp3f5hriq9sosn1 parent: squid3@treenet.co.nz-20130426040834-koafyookpivlitck fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3817 author: Christos Tsantilas committer: Amos Jeffries branch nick: 3.2 timestamp: Thu 2013-04-25 22:10:24 -0600 message: Bug 3817: Memory leak in SSL cert validate for alt_name peer certs Inside function Ssl::matchX509CommonNames which checks a domain name against certificate common name and alternate names, if the domain matches any of the alternate names the function return without releasing allocated data. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20130426041024-gsp3f5hriq9sosn1 # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # testament_sha1: fd4f8d17acc96110cb3737ea0ab3dc1786286655 # timestamp: 2013-04-26 04:14:17 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_2 # base_revision_id: squid3@treenet.co.nz-20130426040834-\ # koafyookpivlitck # # Begin patch
=== modified file 'src/ssl/support.cc'
--- src/ssl/support.cc 2013-02-01 04:54:23 +0000
+++ src/ssl/support.cc 2013-04-26 04:10:24 +0000
@@ -177,8 +177,10 @@
  }
  ASN1_STRING *cn_data = check->d.dNSName;
- if ( (*check_func)(check_data, cn_data) == 0)
+ if ( (*check_func)(check_data, cn_data) == 0) {
+ sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
  return 1;
+ }
  }
  sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
  }
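Review bot: The early-return branch now carries its own copy of `sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);`, so releasing `altnames` still depends on every exit from the loop remembering to do it, which is how this leak arose. A single release point would be sturdier: record the match and leave the loop with `matched = true; break;` inside the `if`, keep the one existing free after the loop, and follow it with `if (matched) return 1;`. Because the leaked path is the successful alt-name match during peer certificate validation, it is presumably hit once per validated connection, so a leak-checker run or regression test using a certificate with a matching subjectAltName would be worth adding alongside the fix. The function and the enclosing loop begin and end outside this hunk, so the declaration of `matched` and any other return paths cannot be checked from here.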