From: William Lallemand <wlallemand@haproxy.org>
Date: Thu, 30 Dec 2021 10:25:43 +0000 (+0100)
Subject: BUG/MINOR: ssl: free the fields in srv->ssl_ctx
X-Git-Tag: v2.6-dev1~211
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=231610ad9ccc2470930f7a728ba710a548677a65;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: free the fields in srv->ssl_ctx

A lot of free are missing in ssl_sock_free_srv_ctx(), this could result
in memory leaking when removing dynamically a server via the CLI.

This must be backported in every branches, by removing the fields that
does not exist in the previous branches.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a14dea3e3e..810560b527 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5211,16 +5211,15 @@ int ssl_sock_prepare_bind_conf(struct bind_conf *bind_conf)
 	return -err;
 }
 
-/* release ssl context allocated for servers. */
+/* release ssl context allocated for servers.  Most of the field free here
+ * must also be allocated in srv_ssl_settings_cpy() */
 void ssl_sock_free_srv_ctx(struct server *srv)
 {
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
-	if (srv->ssl_ctx.alpn_str)
-		ha_free(&srv->ssl_ctx.alpn_str);
+	ha_free(&srv->ssl_ctx.alpn_str);
 #endif
 #ifdef OPENSSL_NPN_NEGOTIATED
-	if (srv->ssl_ctx.npn_str)
-		ha_free(&srv->ssl_ctx.npn_str);
+	ha_free(&srv->ssl_ctx.npn_str);
 #endif
 	if (srv->ssl_ctx.reused_sess) {
 		int i;
@@ -5236,6 +5235,18 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 		SSL_CTX_free(srv->ssl_ctx.ctx);
 		srv->ssl_ctx.ctx = NULL;
 	}
+
+	ha_free(&srv->ssl_ctx.ca_file);
+	ha_free(&srv->ssl_ctx.crl_file);
+	ha_free(&srv->ssl_ctx.client_crt);
+	ha_free(&srv->ssl_ctx.verify_host);
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+	ha_free(&srv->sni_expr);
+#endif
+	ha_free(&srv->ssl_ctx.ciphers);
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+	ha_free(&srv->ssl_ctx.ciphersuites);
+#endif
 }
 
 /* Walks down the two trees in bind_conf and frees all the certs. The pointer may