From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 6 Aug 2020 22:44:32 +0000 (+0200)
Subject: BUG/MINOR: ssl: fix memory leak at OCSP loading
X-Git-Tag: v2.3-dev3~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=86e4d63316de32b964c8b6b453b549532611e7e5;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: fix memory leak at OCSP loading

Fix a memory leak when loading an OCSP file when the file was already
loaded elsewhere in the configuration.

Indeed, if the OCSP file already exists, a useless chunk_dup() will be
done during the load.

To fix it we reverts "ocsp" to "iocsp" like it was done previously.

This was introduced by commit 246c024 ("MINOR: ssl: load the ocsp
in/from the ckch").

Should fix part of the issue #746.

It must be backported in 2.1 and 2.2.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f98c5c0717..9c094a5bb2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1399,7 +1399,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc
 	ret = 0;
 
 	warn = NULL;
-	if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
+	if (ssl_sock_load_ocsp_response(ckch->ocsp_response, iocsp, cid, &warn)) {
 		memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
 		ha_warning("%s.\n", warn);
 	}