From: Willy Tarreau <w@1wt.eu>
Date: Mon, 21 Aug 2023 06:45:35 +0000 (+0200)
Subject: BUG/MINOR: ssl_sock: fix possible memory leak on OOM
X-Git-Tag: v2.9-dev4~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ff9e6538590ef26fd03a75474a7e1d2405f53fdd;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl_sock: fix possible memory leak on OOM

That's the classical realloc() issue: if it returns NULL, the old area
is not freed but we erase the pointer. It was brought by commit e18d4e828
("BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3"), and
should be backported where this commit was backported.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6453265a34..922c24cebe 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4280,6 +4280,8 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
 			ptr = s->ssl_ctx.reused_sess[tid].ptr;
 		} else {
 			ptr = realloc(s->ssl_ctx.reused_sess[tid].ptr, len);
+			if (!ptr)
+				free(s->ssl_ctx.reused_sess[tid].ptr);
 			s->ssl_ctx.reused_sess[tid].ptr = ptr;
 			s->ssl_ctx.reused_sess[tid].allocated_size = len;
 		}