From: Remi Tricot-Le Breton
Date: Mon, 23 Jan 2023 14:57:13 +0000 (+0100)
Subject: BUG/MINOR: ssl: Fix leaks in 'update ssl ocsp-response' CLI command
X-Git-Tag: v2.8-dev3~96
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=305a4f32a5e8f3a898447e194a6830bd1090fa20;p=thirdparty%2Fhaproxy.git
BUG/MINOR: ssl: Fix leaks in 'update ssl ocsp-response' CLI command
This patch fixes two leaks in the 'update ssl ocsp-response' cli command. One rather significant one since a whole trash buffer was allocated for every call of the command, and another more marginal one in an error path. This patch does not need to be backported.
---
diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index cce05097e2..bda7a1be9e 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1378,11 +1378,13 @@ static int cli_parse_update_ocsp_response(char **args, char *payload, struct app
 }
 free_trash_chunk(req_url);
+ free_trash_chunk(req_body);
 return 0;
 end:
 free_trash_chunk(req_url);
+ free_trash_chunk(req_body);
 if (errcode & ERR_CODE) {
 return cli_dynerr(appctx, memprintf(&err, "%sCan't send ocsp request for %s!\n", err ? err : "", args[3]));
@@ -1435,6 +1437,7 @@ static int cli_io_handler_update_ocsp_response(struct appctx *appctx)
 if (ssl_ocsp_check_response(ctx->ckch_data->chain, ctx->ocsp_issuer, &hc->res.buf, &err)) {
 chunk_printf(&trash, "%s", err);
+ free(err);
 if (applet_putchk(appctx, &trash) == -1) goto more;
 goto end;
@@ -1442,11 +1445,13 @@ static int cli_io_handler_update_ocsp_response(struct appctx *appctx)
 if (ssl_sock_update_ocsp_response(&hc->res.buf, &err) != 0) {
 chunk_printf(&trash, "%s", err);
+ free(err);
 if (applet_putchk(appctx, &trash) == -1) goto more;
 goto end;
 }
+ free(err);
 chunk_reset(&trash);
 if (ssl_ocsp_response_print(&hc->res.buf, &trash))
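Review bot: The `free_trash_chunk(req_body);` added under `end:` runs on every error path, presumably including any taken before req_body is allocated, so it depends on the declaration initialising the pointer to NULL; that declaration is outside the hunk and should be confirmed. The free added before `return 0;` likewise assumes the request built earlier keeps its own copy of the body rather than a pointer into this chunk (req_url is already released the same way, which suggests it does). A one-line comment above each pair of frees, for example `/* scratch chunks only: the request holds its own copy, and both pointers start out NULL */`, would record that ownership rule once it is verified. cli_parse_update_ocsp_response begins and ends outside the hunk.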
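Review bot: Each added `free(err);` in cli_io_handler_update_ocsp_response leaves err holding the freed address, and the two frees inside the error branches are followed by `goto more` / `goto end`, whose targets are outside the hunk. If the code at either label frees or prints err again, this becomes a double free or use-after-free, so `free(err); err = NULL;` is the safer form at all three sites (this hunk and the two frees in the following hunk at -1442). The unconditional `free(err);` after the second block also relies on err being NULL when ssl_sock_update_ocsp_response succeeds without setting it, which depends on an initialisation not visible here.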