------------------------------------------------------------
revno: 12530
revision-id: squid3@treenet.co.nz-20130418053328-u0s5nyubm579zct8
parent: squid3@treenet.co.nz-20130418053217-rzs2w6kibjmb178k
fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3817
author: Christos Tsantilas
committer: Amos Jeffries
branch nick: 3.3
timestamp: Wed 2013-04-17 23:33:28 -0600
message:
Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
Inside function Ssl::matchX509CommonNames which checks a domain name against certificate common name and alternate names, if the domain matches any of the alternate names the function return without releasing allocated data.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20130418053328-u0s5nyubm579zct8
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# testament_sha1: a5881829779df5b5eda28035199f9feb6da32bca
# timestamp: 2013-04-18 05:35:49 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# base_revision_id: squid3@treenet.co.nz-20130418053217-\
# rzs2w6kibjmb178k
#
# Begin patch
=== modified file 'src/ssl/support.cc'
--- src/ssl/support.cc 2013-01-22 11:12:37 +0000
+++ src/ssl/support.cc 2013-04-18 05:33:28 +0000
@@ -190,8 +190,10 @@
 }
 ASN1_STRING *cn_data = check->d.dNSName;
- if ( (*check_func)(check_data, cn_data) == 0)
+ if ( (*check_func)(check_data, cn_data) == 0) {
+ sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
 return 1;
+ }
 }
 sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
 }
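Review bot: The release call `sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);` now appears twice, once in the new match branch and once after the enclosing block, so any exit path added later between the allocation and that last call can reintroduce the same leak. This code runs on certificates supplied by the peer, so each leaked stack is driven by remote input and adds up over many handshakes. A single cleanup path is therefore worth having. Assuming the closing brace after the `if` ends the loop over the alternate names, the branch could instead do `found = true; break;` with `bool found = false;` declared before the loop and `if (found) return 1;` placed right after the existing free. The function starts and ends outside this hunk, so the allocation site and the common-name branch should be checked for the same pattern.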