]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae51877)
BUG/MINOR: ssl: Fix potential leak in cli_parse_update_ocsp_response
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Tue, 21 Mar 2023 09:28:34 +0000 (10:28 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 31 Mar 2023 07:10:36 +0000 (09:10 +0200)
In some extremely unlikely case (or even impossible for now), we might
exit cli_parse_update_ocsp_response without raising an error but with a
filled 'err' buffer. It was not properly free'd.

It does not need to be backported.

src/ssl_ocsp.c patch | blob | blame | history

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 979a87b21cff97990e9bd57c9f8f2455ed596c1c..8a7cb272765637e100823e84f770ca0bcff97f2a 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1397,6 +1397,8 @@ static int cli_parse_update_ocsp_response(char **args, char *payload, struct app
 
        task_wakeup(ocsp_update_task, TASK_WOKEN_MSG);
 
+       free(err);
+
        return 0;
 
 end:
Mirror of https://github.com/haproxy/haproxy.git