From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 31 Jul 2019 16:31:34 +0000 (+0200)
Subject: BUG/MEDIUM: ssl: does not try to free a DH in a ckch
X-Git-Tag: v2.1-dev2~252
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8c73748f8ca545296a8b47f3fd3950dfcc75737;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: ssl: does not try to free a DH in a ckch

ssl_sock_load_dh_params() should not free the DH * of a ckch, or the
ckch won't be usable during the next call.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ceadc9b8e5..0eaf2eb061 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2858,10 +2858,8 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
 	int ret = -1;
 	DH *dh = NULL;
 
-	if (ckch)
+	if (ckch && ckch->dh) {
 		dh = ckch->dh;
-
-	if (dh) {
 		ret = 1;
 		SSL_CTX_set_tmp_dh(ctx, dh);
 
@@ -2897,9 +2895,6 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
 	}
 
 end:
-	if (dh)
-		DH_free(dh);
-
 	return ret;
 }
 #endif