From: William Lallemand <wlallemand@haproxy.org>
Date: Wed, 16 Mar 2022 16:48:19 +0000 (+0100)
Subject: BUG/MINOR: server/ssl: free the SNI sample expression
X-Git-Tag: v2.6-dev4~63
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43c2ce4d81d8184007a8eb49240b81687c213dec;p=thirdparty%2Fhaproxy.git

BUG/MINOR: server/ssl: free the SNI sample expression

ASAN complains about the SNI expression not being free upon an haproxy
-c. Indeed the httpclient is now initialized with a sni expression and
this one is never free in the server release code.

Must be backported in 2.5 and could be backported in every stable
versions.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 83c3a38653..19a166aa98 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -69,6 +69,7 @@
 #include <haproxy/ssl_crtlist.h>
 #include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
+#include <haproxy/sample.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream-t.h>
 #include <haproxy/stream_interface.h>
@@ -5445,6 +5446,8 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 	ha_free(&srv->ssl_ctx.verify_host);
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	ha_free(&srv->sni_expr);
+	release_sample_expr(srv->ssl_ctx.sni);
+	srv->ssl_ctx.sni = NULL;
 #endif
 	ha_free(&srv->ssl_ctx.ciphers);
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES