BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'

Fix a memory leak that could happen upon a "show ssl cert" if notBefore:
or notAfter: failed to extract its ASN1 string.

Introduced by d4f946c ("MINOR: ssl/cli: 'show ssl cert' give information
on the certificates"). 2.2 only.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e5cee539c647a6a519859548a035150c60bfedad..bf571dd8a1addce90099fd6ec3df4791bf16a636 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -11293,6 +11293,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
                write = BIO_read(bio, tmp->area, tmp->size-1);
                tmp->area[write] = '\0';
                BIO_free(bio);
+               bio = NULL;
                chunk_appendf(out, "%s\n", tmp->area);
 
                chunk_appendf(out, "notAfter: ");
@@ -11305,6 +11306,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
                        goto end;
                tmp->area[write] = '\0';
                BIO_free(bio);
+               bio = NULL;
                chunk_appendf(out, "%s\n", tmp->area);
 
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
@@ -11372,6 +11374,8 @@ end:
                goto yield;
        }
 
+       if (bio)
+               BIO_free(bio);
        free_trash_chunk(tmp);
        free_trash_chunk(out);
        return 1;