From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Tue, 21 Mar 2023 09:28:34 +0000 (+0100)
Subject: BUG/MINOR: ssl: Fix potential leak in cli_parse_update_ocsp_response
X-Git-Tag: v2.8-dev7~134
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d32c8e3ccbd18d200c57458c3023643cdc971ef1;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Fix potential leak in cli_parse_update_ocsp_response

In some extremely unlikely case (or even impossible for now), we might
exit cli_parse_update_ocsp_response without raising an error but with a
filled 'err' buffer. It was not properly free'd.

It does not need to be backported.
---

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 979a87b21c..8a7cb27276 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1397,6 +1397,8 @@ static int cli_parse_update_ocsp_response(char **args, char *payload, struct app
 
 	task_wakeup(ocsp_update_task, TASK_WOKEN_MSG);
 
+	free(err);
+
 	return 0;
 
 end: