From 3a94b2c5a8dfbe570922d1962bc4a95dfe103da7 Mon Sep 17 00:00:00 2001
From: Tomas Weinfurt <tweinfurt@yahoo.com>
Date: Tue, 1 Sep 2020 17:35:25 -0700
Subject: [PATCH] free existingTrust when verifying certificate name on macOS
 (#41657)

* free existingTrust when verifying certificate name

* add back NL

* free existingTrust on error path as well
---
 .../Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c   | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
index f764670..78497ce 100644
--- a/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
+++ b/src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/pal_ssl.c
@@ -392,6 +392,7 @@ int32_t AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringR
     if (anchors == NULL)
     {
         CFRelease(certs);
+        CFRelease(existingTrust);
         return -6;
     }
 
@@ -513,6 +514,9 @@ int32_t AppleCryptoNative_SslIsHostnameMatch(SSLContextRef sslContext, CFStringR
     if (anchors != NULL)
         CFRelease(anchors);
 
+    if (existingTrust != NULL)
+        CFRelease(existingTrust);
+
     CFRelease(sslPolicy);
     return ret;
 }
-- 
2.7.4