BUG/MINOR: server/ssl: free the SNI sample expression

ASAN complains about the SNI expression not being free upon an haproxy
-c. Indeed the httpclient is now initialized with a sni expression and
this one is never free in the server release code.

Must be backported in 2.5 and could be backported in every stable
versions.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 83c3a386536831b8330e4005b6c7f302332cc527..19a166aa98c89d40553825fa1e3eac06a5f4406c 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -69,6 +69,7 @@
 #include <haproxy/ssl_crtlist.h>
 #include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
+#include <haproxy/sample.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream-t.h>
 #include <haproxy/stream_interface.h>
@@ -5445,6 +5446,8 @@ void ssl_sock_free_srv_ctx(struct server *srv)
        ha_free(&srv->ssl_ctx.verify_host);
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
        ha_free(&srv->sni_expr);
+       release_sample_expr(srv->ssl_ctx.sni);
+       srv->ssl_ctx.sni = NULL;
 #endif
        ha_free(&srv->ssl_ctx.ciphers);
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES