BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path

in hlua_ckch_commit_yield() and hlua_ckch_set(), when an error occurs,
we enter the error path and try to raise an error from the <err> msg
pointer which must be freed afterwards.

However, the fact that luaL_error() never returns was overlooked, because
of that <err> msg is never freed in such case.

To fix the issue, let's use hlua_pushfstring_safe() helper to push the
err on the lua stack and then free it before throwing the error using
lua_error().

It should be backported up to 2.6 with 30fcca18 ("MINOR: ssl/lua:
CertCache.set() allows to update an SSL certificate file")

diff --git a/src/hlua.c b/src/hlua.c
index 227d3b60ca2610964b435f1e5fd45ee7a6d351ea..f108c6ed8a048bd5e592de1e0d7cf067d53f6ccb 100644 (file)
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -13135,8 +13135,9 @@ __LJMP static int hlua_ckch_commit_yield(lua_State *L, int status, lua_KContext
 error:
        ckch_store_free(new_ckchs);
        HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
-       WILL_LJMP(luaL_error(L, "%s", err));
+       hlua_pushfstring_safe(L, "%s", err);
        free(err);
+       WILL_LJMP(lua_error(L));
 
        return 0;
 }
@@ -13279,7 +13280,9 @@ end:
 
        if (errcode & ERR_CODE) {
                ckch_store_free(new_ckchs);
-               WILL_LJMP(luaL_error(L, "%s", err));
+               hlua_pushfstring_safe(L, "%s", err);
+               free(err);
+               WILL_LJMP(lua_error(L));
        }
        free(err);