BUG/MINOR: ssl: memleak of struct crtlist_entry
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 17 Mar 2020 19:11:41 +0000 (20:11 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 17 Mar 2020 19:28:06 +0000 (20:28 +0100)
There is a memleak of the entry structure in crtlist_load_cert_dir() when
the file cannot be stat()ed or is not a regular file: the entry was
allocated before those tests and never freed on the ignore path. Let's
move the entry allocation so it's done after these tests.

Fix issue #551.

src/ssl_sock.c

index 2c7892c163bf21f1bc8e3240f14855f5ec3c4118..73375bcf90e8f959485d9e74f2aae14cf15ffdfe 100644 (file)
@@ -4478,6 +4478,16 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
                        if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl") || !strcmp(end, ".key")))
                                goto ignore_entry;
 
+                       snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
+                       if (stat(fp, &buf) != 0) {
+                               memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
+                                         err && *err ? *err : "", fp, strerror(errno));
+                               cfgerr |= ERR_ALERT | ERR_FATAL;
+                               goto ignore_entry;
+                       }
+                       if (!S_ISREG(buf.st_mode))
+                               goto ignore_entry;
+
                        entry = malloc(sizeof(*entry));
                        if (entry == NULL) {
                                memprintf(err, "not enough memory '%s'", fp);
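Review bot: The `snprintf` that builds `fp` on the first added line discards its return value, so a `path`/`d_name` combination longer than `fp` is silently truncated and the `stat()` that follows (and presumably the later certificate load, outside this hunk) operates on a different path than the one intended; truncation should be treated as a fatal configuration error in the same way the stat failure already is. Whether `fp` is sized to PATH_MAX is not visible here, so the risk may be theoretical, but the check is cheap and makes the intent explicit. Separately, `stat()` follows symlinks, so a symlink pointing at a regular file passes the `S_ISREG` test and is loaded; if that is intended for an admin-controlled directory, a one-line comment such as `/* stat() follows symlinks: a link to a regular file is loaded as a cert */` would save the next reader a question. crtlist_load_cert_dir() starts and ends outside the hunk.
```c
			/* Reject truncation: a shortened path would stat()/load the wrong file. */
			ret = snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
			if (ret < 0 || (size_t)ret >= sizeof(fp)) {
				memprintf(err, "%spath too long for SSL certificate '%s/%s'.\n",
				          err && *err ? *err : "", path, de->d_name);
				cfgerr |= ERR_ALERT | ERR_FATAL;
				goto ignore_entry;
			}
			/* … unchanged: stat() and S_ISREG() checks, entry allocation … */
```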
@@ -4490,16 +4500,6 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
                        entry->filters = NULL;
                        entry->ssl_conf = NULL;
 
-                       snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
-                       if (stat(fp, &buf) != 0) {
-                               memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
-                                         err && *err ? *err : "", fp, strerror(errno));
-                               cfgerr |= ERR_ALERT | ERR_FATAL;
-                               goto ignore_entry;
-                       }
-                       if (!S_ISREG(buf.st_mode))
-                               goto ignore_entry;
-
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
                        is_bundle = 0;
                        /* Check if current entry in directory is part of a multi-cert bundle */