BUG/MINOR: ssl: Do not free garbage pointers on memory allocation failure

In `ckch_inst_sni_ctx_to_sni_filters` use `calloc()` to allocate the filter
array. When the function fails to allocate memory for a single entry the
whole array will be `free()`d using free_sni_filters(). With the previous
`malloc()` the pointers for entries after the failing allocation could
possibly be a garbage value.

This bug was introduced in commit 38df1c8006a2adf97f4ad5a183f80cfdcba3da8a,
which is 2.2+. No backport needed.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a92f9c9131df7aadedbcdcb10b6ddf620edf68cf..3ff81727702604773ad206b6d42c0a8b6f58ea1c 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3939,7 +3939,7 @@ static int ckch_inst_sni_ctx_to_sni_filters(const struct ckch_inst *ckchi, char
        if (!tmp_fcount)
                goto end;
 
-       tmp_filter = malloc(sizeof(*tmp_filter) * tmp_fcount);
+       tmp_filter = calloc(tmp_fcount, sizeof(*tmp_filter));
        if (!tmp_filter) {
                errcode |= ERR_FATAL|ERR_ALERT;
                goto error;