From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 10 Apr 2024 17:05:15 +0000 (+0200)
Subject: MINOR: ssl/crtlist: alloc ssl_conf only when a valid keyword is found
X-Git-Tag: v3.0-dev8~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d308c9a9f609c219f0146f94d6a075b44c11d175;p=thirdparty%2Fhaproxy.git

MINOR: ssl/crtlist: alloc ssl_conf only when a valid keyword is found

crt-list will be enhanced with ckch_conf keywords, however these keywords
does not fill the 'ssl_conf' structure. So we don't need to allocate the
ssl_conf for every options between [ ] but only when we found a relevant
one.
---

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index ff7f279854..3b1f532950 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -438,12 +438,6 @@ int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry,
 			cfgerr |= ERR_WARN;
 		}
 
-		ssl_conf = calloc(1, sizeof *ssl_conf);
-		if (!ssl_conf) {
-			memprintf(err, "not enough memory!");
-			cfgerr |= ERR_ALERT | ERR_FATAL;
-			goto error;
-		}
 	}
 
 	cur_arg = ssl_b ? ssl_b : 1;
@@ -451,6 +445,14 @@ int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry,
 		newarg = 0;
 		for (i = 0; ssl_crtlist_kws[i].kw != NULL; i++) {
 			if (strcmp(ssl_crtlist_kws[i].kw, args[cur_arg]) == 0) {
+				if (!ssl_conf)
+					ssl_conf = calloc(1, sizeof *ssl_conf);
+				if (!ssl_conf) {
+					memprintf(err, "not enough memory!");
+					cfgerr |= ERR_ALERT | ERR_FATAL;
+					goto error;
+				}
+
 				newarg = 1;
 				cfgerr |= ssl_crtlist_kws[i].parse(args, cur_arg, NULL, ssl_conf, from_cli, err);
 				if (cur_arg + 1 + ssl_crtlist_kws[i].skip > ssl_e) {