From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 8 Apr 2020 15:38:27 +0000 (+0200)
Subject: BUG/MINOR: ssl: memleak of the struct cert_key_and_chain
X-Git-Tag: v2.2-dev6~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8621ac5570a7cd225005f35808616d28a9774e88;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: memleak of the struct cert_key_and_chain

Free the struct cert_key_and_chain when calling ckchs_free(),
a memory leak can occur when using 'commit ssl cert'.

Must be backported to 2.1.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 58776eec36..8f84c676bf 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3762,12 +3762,16 @@ void ckchs_free(struct ckch_store *ckchs)
 	if (ckchs->multi) {
 		int n;
 
-		for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
+		for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
 			ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
+		}
+		free(ckchs->ckch);
+		ckchs->ckch = NULL;
 	} else
 #endif
 	{
 		ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
+		free(ckchs->ckch);
 		ckchs->ckch = NULL;
 	}