From: mildis <me@mildis.org>
Date: Wed, 22 Jun 2016 15:46:29 +0000 (+0200)
Subject: BUG/MINOR: ssl: close ssl key file on error
X-Git-Tag: v1.7-dev4~53
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16aa0153b50cc051432ffd82a86ea0a1e258e650;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: close ssl key file on error

Explicitly close the FILE opened to read the ssl key file when parsing
fails to find a valid key.

This fix needs to be backported to 1.6.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6635d5c848..88d74d2495 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5401,6 +5401,7 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
 		if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
 			if (err)
 				memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
+			fclose(f);
 			return ERR_ALERT | ERR_FATAL;
 		}
 		i++;
@@ -5409,6 +5410,7 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
 	if (i < TLS_TICKETS_NO) {
 		if (err)
 			memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
+		fclose(f);
 		return ERR_ALERT | ERR_FATAL;
 	}