From: Emmanuel Hocdet <manu@gandi.net>
Date: Thu, 16 Jan 2020 14:15:49 +0000 (+0100)
Subject: BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak
X-Git-Tag: v2.2-dev1~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=224a087a271b513b3f0a0f08ed23cde42919e0f6;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak

"set ssl cert <filename.sctl> <payload>" CLI command must free
previous context.

This patch should be backport to 2.1
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e2c58a50fb..b898537eb9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1606,10 +1606,14 @@ static int ssl_sock_load_sctl_from_file(const char *sctl_path, char *buf, struct
 		sctl = NULL;
 		goto end;
 	}
-	ret = 0;
-	/* TODO: free the previous SCTL in the ckch */
+	/* no error, fill ckch with new context, old context must be free */
+	if (ckch->sctl) {
+		free(ckch->sctl->area);
+		ckch->sctl->area = NULL;
+		free(ckch->sctl);
+	}
 	ckch->sctl = sctl;
-
+	ret = 0;
 end:
 	if (fd != -1)
 		close(fd);