From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 9 May 2025 17:16:02 +0000 (+0200)
Subject: BUG/MINOR: ssl/ckch: always ha_freearray() the previous entry during parsing
X-Git-Tag: v3.2-dev16~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c0c05b7baa53cb07103d5a57768fc45238ee2ea;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/ckch: always ha_freearray() the previous entry during parsing

The ckch_conf_parse() function is the generic function which parses
crt-store keywords from the crt-store section, and also from a
crt-list.

When having multiple time the same keyword, a leak of the previous
value happens. This patch ensure that the previous value is always
freed before overwriting it.

This is the same problem as the previous "BUG/MINOR: ssl/ckch: always
free() the previous entry during parsing" patch, however this one
applies on PARSE_TYPE_ARRAY_SUBSTR.

No backport needed.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index cf1357168..a2e96dd36 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -4884,7 +4884,7 @@ int ckch_conf_parse(char **args, int cur_arg, struct ckch_conf *f, int *found, c
 				char *b, *e;
 
 				/* split a string into substring split by colons */
-
+				ha_freearray(t);
 				e = b = args[cur_arg + 1];
 				do {
 					while (*e != ',' && *e != '\0')