[xmlsec] Possible - memory leak in xmlSecX509DataDestroy

Fri Jul 19 02:47:07 PDT 2002

Hello Aleksey,

Source code of xmlSecX509DataDestroy function have
this:
...
    if(x509Data->certs != NULL) {
        sk_X509_pop_free(x509Data->certs, X509_free); 
    } else if(x509Data->verified != NULL) {
        X509_free(x509Data->verified); 
    }
...

-> but in xmlSecX509StoreVerify where have
code assigning x509Data->verified value,
not have code for free x509Data->certs and assigning NULL.
 xmlSecX509StoreVerify code:
 ...
                if(ret == 1) {
                    x509Data->verified = cert;
                    return(1);
                }
...

in this case x509Data->verified never free.

-- 
Best regards,
 Dmitry
--

------------------------------------
Mail.Ru - удобно, доступно, надежно!
------------------------------------