[glib-networking] Fix memory corruption caused by erroneous free



commit 48f3027b7ac8a28b829a5d98aefe16fcc68d29c4
Author: Ruslan N. Marchenko <me ruff mobi>
Date:   Tue Oct 13 08:03:30 2020 +0200

    Fix memory corruption caused by erroneous free

 tls/openssl/gtlsconnection-openssl.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
---
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index 9e60b400..2a00684e 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -524,7 +524,8 @@ openssl_get_binding_tls_server_end_point (GTlsConnectionOpenssl  *tls,
   /* This is a drill */
   if (!data)
     {
-      X509_free (crt);
+      if (is_client)
+        X509_free (crt);
       return TRUE;
     }
 
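Review bot: The `is_client` guard on `X509_free (crt)` here encodes an ownership rule that the visible code never states: presumably the client path holds its own reference to the peer certificate, while the server path borrows the connection's own certificate, which must outlive this call. The same two-line guard is repeated at the unsupported-algorithm return and at both exits after `X509_digest` in the later hunks, so any future exit that omits it brings back either the invalid free or a client-side leak. I would add a comment where `crt` is obtained (outside this hunk), along the lines of `/* crt is an owned reference only when is_client; on the server side it is borrowed and must not be freed */`, and consider routing all exits through one cleanup point. The function body starts and ends outside this hunk.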
@@ -537,6 +538,8 @@ openssl_get_binding_tls_server_end_point (GTlsConnectionOpenssl  *tls,
     case NID_md5_sha1:
       g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
                    _("Current X.509 certificate uses unknown or unsupported signature algorithm"));
+      if (is_client)
+        X509_free (crt);
       return FALSE;
     }
 
@@ -544,11 +547,13 @@ openssl_get_binding_tls_server_end_point (GTlsConnectionOpenssl  *tls,
   algo = EVP_get_digestbynid (algo_nid);
   if (X509_digest (crt, algo, data->data, &(data->len)))
     {
-      X509_free (crt);
+      if (is_client)
+        X509_free (crt);
       return TRUE;
     }
 
-  X509_free (crt);
+  if (is_client)
+    X509_free (crt);
   g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_GENERAL_ERROR,
                _("Failed to generate X.509 certificate digest"));
   return FALSE;
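Review bot: `algo` from `EVP_get_digestbynid (algo_nid)` is passed straight to `X509_digest` with no NULL check in the visible lines, and the lookup returns NULL when the NID has no registered digest. As far as these hunks show, the preceding switch rejects only `NID_md5_sha1`, so a certificate whose signature scheme reports no separate digest could reach this call with a NULL `algo`; whether that fails cleanly or dereferences NULL depends on the OpenSSL version. A guard before the digest call, reusing the existing not-supported error and the same `is_client` release rule, would close that path. Separately, `X509_digest` writes up to `EVP_MAX_MD_SIZE` bytes into `data->data`; the sizing of that array is outside this hunk and is worth confirming.

```c
  algo = EVP_get_digestbynid (algo_nid);
  if (algo == NULL)
    {
      g_set_error (error, G_TLS_CHANNEL_BINDING_ERROR, G_TLS_CHANNEL_BINDING_ERROR_NOT_SUPPORTED,
                   _("Current X.509 certificate uses unknown or unsupported signature algorithm"));
      if (is_client)
        X509_free (crt);
      return FALSE;
    }
  /* … unchanged: X509_digest call and its two exits … */
```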

