Bug 1335069 - Don't leak public key when falling back to SHA-1 signat…

…ures for client certs r=bustage
sailfishos-mirror · Jan 31, 2017 · 0e83c0f · 0e83c0f
1 parent 8fa4317
commit 0e83c0f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
@@ -6503,7 +6503,9 @@ ssl_PickClientSignatureScheme(sslSocket *ss, const SSLSignatureScheme *schemes,
     if (!isTLS13 && numSchemes == 0) {
         /* If the server didn't provide any signature algorithms
          * then let's assume they support SHA-1. */
-        return ssl_PickFallbackSignatureScheme(ss, pubKey);
+        rv = ssl_PickFallbackSignatureScheme(ss, pubKey);
+        SECKEY_DestroyPublicKey(pubKey);
+        return rv;
     }
 
     PORT_Assert(schemes && numSchemes > 0);