]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: caa1619)
BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 8 Apr 2020 15:38:27 +0000 (17:38 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 9 Apr 2020 13:40:26 +0000 (15:40 +0200)
Free the struct cert_key_and_chain when calling ckchs_free(),
a memory leak can occur when using 'commit ssl cert'.

Must be backported to 2.1.

src/ssl_sock.c patch | blob | blame | history

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 58776eec365c10af0d102bf1e85071cd07c7aaaf..8f84c676bf3a8230b6509622d010a416df322441 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3762,12 +3762,16 @@ void ckchs_free(struct ckch_store *ckchs)
        if (ckchs->multi) {
                int n;
 
-               for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
+               for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
                        ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
+               }
+               free(ckchs->ckch);
+               ckchs->ckch = NULL;
        } else
 #endif
        {
                ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
+               free(ckchs->ckch);
                ckchs->ckch = NULL;
        }
 
Mirror of https://github.com/haproxy/haproxy.git