From: Willy Tarreau <w@1wt.eu>
Date: Fri, 26 Feb 2021 20:06:32 +0000 (+0100)
Subject: CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free
X-Git-Tag: v2.4-dev10~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e709e821734c306ae482e537e3ab4960046e386c;p=thirdparty%2Fhaproxy.git

CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free

In ssl_sock_free_srv_ctx() there are some calls to free() which are not
followed by a zeroing of the pointers. For now this function is only used
during deinit but it could be used at run time in the near future, so
better secure this.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 580c6fe143..b10281a00d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4996,22 +4996,24 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 {
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 	if (srv->ssl_ctx.alpn_str)
-		free(srv->ssl_ctx.alpn_str);
+		ha_free(&srv->ssl_ctx.alpn_str);
 #endif
 #ifdef OPENSSL_NPN_NEGOTIATED
 	if (srv->ssl_ctx.npn_str)
-		free(srv->ssl_ctx.npn_str);
+		ha_free(&srv->ssl_ctx.npn_str);
 #endif
 	if (srv->ssl_ctx.reused_sess) {
 		int i;
 
 		for (i = 0; i < global.nbthread; i++)
-			free(srv->ssl_ctx.reused_sess[i].ptr);
-		free(srv->ssl_ctx.reused_sess);
+			ha_free(&srv->ssl_ctx.reused_sess[i].ptr);
+		ha_free(&srv->ssl_ctx.reused_sess);
 	}
 
-	if (srv->ssl_ctx.ctx)
+	if (srv->ssl_ctx.ctx) {
 		SSL_CTX_free(srv->ssl_ctx.ctx);
+		srv->ssl_ctx.ctx = NULL;
+	}
 }
 
 /* Walks down the two trees in bind_conf and frees all the certs. The pointer may