From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 28 Apr 2025 14:33:48 +0000 (+0200)
Subject: BUG/MINOR: ssl/acme: free EVP_PKEY upon error
X-Git-Tag: v3.2-dev13~63
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0897175d738effc82f47c06e5429996629452ac6;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/acme: free EVP_PKEY upon error

Free the EPV_PKEY upon error when the X509_REQ generation failed.

No backport needed.
---

diff --git a/src/acme.c b/src/acme.c
index 8303458be..ec5a3b902 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2011,6 +2011,7 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 
 	EVP_PKEY_free(newstore->data->key);
 	newstore->data->key = pkey;
+	pkey = NULL;
 
 	ctx->req = acme_x509_req(pkey, store->conf.acme.domains);
 	if (!ctx->req) {
@@ -2028,6 +2029,7 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 
 err:
 	HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
+	EVP_PKEY_free(pkey);
 	ckch_store_free(newstore);
 	EVP_PKEY_CTX_free(pkey_ctx);
 	free(ctx);