From: William Lallemand Date: Tue, 17 Mar 2020 19:11:41 +0000 (+0100) Subject: BUG/MINOR: ssl: memleak of struct crtlist_entry X-Git-Tag: v2.2-dev5~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a64593c80ddd4c73af09491140786537de3b4a16;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl: memleak of struct crtlist_entry There is a memleak of the entry structure in crtlist_load_cert_dir(), in the case we can't stat the file, or this is not a regular file. Let's move the entry allocation so it's done after these tests. Fix issue #551.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2c7892c163..73375bcf90 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4478,6 +4478,16 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl") || !strcmp(end, ".key")))
 goto ignore_entry;
+ snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
+ if (stat(fp, &buf) != 0) {
+ memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
+ err && *err ? *err : "", fp, strerror(errno));
+ cfgerr |= ERR_ALERT | ERR_FATAL;
+ goto ignore_entry;
+ }
+ if (!S_ISREG(buf.st_mode))
+ goto ignore_entry;
+
 entry = malloc(sizeof(*entry));
 if (entry == NULL) {
 memprintf(err, "not enough memory '%s'", fp);
@@ -4490,16 +4500,6 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
 entry->filters = NULL;
 entry->ssl_conf = NULL;
- snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
- if (stat(fp, &buf) != 0) {
- memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
- err && *err ? *err : "", fp, strerror(errno));
- cfgerr |= ERR_ALERT | ERR_FATAL;
- goto ignore_entry;
- }
- if (!S_ISREG(buf.st_mode))
- goto ignore_entry;
-
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
 is_bundle = 0;
 /* Check if current entry in directory is part of a multi-cert bundle */
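Review bot: The return value of `snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name)` in the first hunk is not checked, so a directory path plus file name longer than `fp` is silently truncated, and the `stat()` and `S_ISREG()` tests that now gate the allocation would run against a different name than the directory entry. Capturing the result and rejecting the entry on overflow would close that, e.g. `if (n < 0 || (size_t)n >= sizeof(fp)) goto ignore_entry;` with `n` holding the snprintf() result; the declaration of `fp` is outside the hunk, so its size is not visible here. The leak is fixed by reordering rather than by releasing `entry` on the skip path, so any `goto ignore_entry` located after the `malloc()` would presumably still leak; crtlist_load_cert_dir() starts before and continues past both hunks, so this should be confirmed against the rest of the loop. A short comment above the allocation, such as `/* allocate entry only after the tests that can skip this file */`, would help keep a later edit from reintroducing the leak.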