CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free

In ssl_sock_free_srv_ctx() there are some calls to free() which are not
followed by a zeroing of the pointers. For now this function is only used
during deinit but it could be used at run time in the near future, so
better secure this.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 580c6fe143a8b0248f160012cb4609dca159e868..b10281a00dd7572ae70dc8c23f2e86561abeb4a7 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4996,22 +4996,24 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 {
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
        if (srv->ssl_ctx.alpn_str)
-               free(srv->ssl_ctx.alpn_str);
+               ha_free(&srv->ssl_ctx.alpn_str);
 #endif
 #ifdef OPENSSL_NPN_NEGOTIATED
        if (srv->ssl_ctx.npn_str)
-               free(srv->ssl_ctx.npn_str);
+               ha_free(&srv->ssl_ctx.npn_str);
 #endif
        if (srv->ssl_ctx.reused_sess) {
                int i;
 
                for (i = 0; i < global.nbthread; i++)
-                       free(srv->ssl_ctx.reused_sess[i].ptr);
-               free(srv->ssl_ctx.reused_sess);
+                       ha_free(&srv->ssl_ctx.reused_sess[i].ptr);
+               ha_free(&srv->ssl_ctx.reused_sess);
        }
 
-       if (srv->ssl_ctx.ctx)
+       if (srv->ssl_ctx.ctx) {
                SSL_CTX_free(srv->ssl_ctx.ctx);
+               srv->ssl_ctx.ctx = NULL;
+       }
 }
 
 /* Walks down the two trees in bind_conf and frees all the certs. The pointer may