From 7ffec45913adc02a5c5f6a2cfe95a41d42ae535c Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Thu, 13 Dec 2012 23:44:37 +0100 Subject: Plug a memory leak in OpenSSL's certificate verification callback. This would affect fetchmail configurations running with SSL in daemon mode more than one-shot runs. Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015. This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29) when support for subjectAltName was added through a patch by Roland Stigge, submitted as Debian Bug#201113. --- NEWS | 10 +++++++++- socket.c | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 0896aa2c..ea45a4c4 100644 --- a/NEWS +++ b/NEWS @@ -63,7 +63,15 @@ Should a 7.0 release be made earlier, chances are that the 6.3.X branch is abandoned and its changes be folded into the 7.0 release, with changes after 6.3.24 not available on their own in a newer 6.3.X release. -# REGRESSION FIX +# CRITICAL AND REGRESSION FIXES +* Plug a memory leak in OpenSSL's certificate verification callback. + This would affect fetchmail configurations running with SSL in daemon mode + more than one-shot runs. + Reported by Erik Thiele, and pinned by Dominik, Debian Bug #688015. + This bug was introduced into fetchmail 6.2.9 (committed 2005-10-29) + when support for subjectAltName was added through a patch by Roland + Stigge, submitted as Debian Bug#201113. + * The --logfile option now works again outside daemon mode, reported by Heinz Diehl. The documentation that I had been reading was inconsistent with the code, and only parts of the manual page claimed that --logfile was only diff --git a/socket.c b/socket.c index 634b4760..3e4a3acd 100644 --- a/socket.c +++ b/socket.c @@ -689,7 +689,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict ) } } } - sk_GENERAL_NAME_free(gens); + GENERAL_NAMES_free(gens); } if (name_match(p1, p2)) { matched = 1; -- cgit v1.2.3
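Review bot: in the NEWS hunk, the renamed heading "# CRITICAL AND REGRESSION FIXES" merges two categories, so a reader cannot tell whether the new memory-leak bullet is the critical fix, the regression fix, or both, and the same goes for the existing --logfile bullet below it. Either keep two headings or tag each bullet with its category. The new entry also writes the bug references two ways, "Debian Bug #688015" and "Debian Bug#201113"; pick one spacing.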
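Review bot: in the socket.c hunk, `GENERAL_NAMES_free(gens);` frees the GENERAL_NAME elements as well as the stack, where the replaced `sk_GENERAL_NAME_free(gens);` released only the stack container. Please confirm that nothing read after this line still points into an element of gens. The `name_match(p1, p2)` call right after the closing brace is the one to check, since the hunk does not show where p1 and p2 are assigned. A one-line comment above the call stating that the stack-only free leaks the elements would help keep the leak from being reintroduced in a later cleanup.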