credential-manager: Fix leaked signature params if self-signed cert is untrusted

jfhren-stormshield · tobiasbrunner · commit f25b1aca8ba6 · 2025-12-01T19:18:53.000+01:00
Closes strongswan#2954
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
@@ -788,6 +788,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 					DBG1(DBG_CFG, "  self-signed certificate \"%Y\" is not "
 						 "trusted", current->get_subject(current));
 					issuer->destroy(issuer);
+					signature_params_destroy(scheme);
 					call_hook(this, CRED_HOOK_UNTRUSTED_ROOT, current);
 					break;
 				}

Original file line number	Diff line number	Diff line change
`@@ -788,6 +788,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,`
`788`	`788`	`DBG1(DBG_CFG, " self-signed certificate \"%Y\" is not "`
`789`	`789`	`"trusted", current->get_subject(current));`
`790`	`790`	`issuer->destroy(issuer);`
	`791`	`+ signature_params_destroy(scheme);`
`791`	`792`	`call_hook(this, CRED_HOOK_UNTRUSTED_ROOT, current);`
`792`	`793`	`break;`
`793`	`794`	`}`