From ce9903319cc5b3cdcaec1ad45253899e7334857c Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 23 Nov 2021 15:15:09 +0100 Subject: [PATCH] BUG/MINOR: ssl: free correctly the sni in the backend SSL cache __ssl_sock_load_new_ckch_instance() does not free correctly the SNI in the session cache, it only frees the one in the current tid. This bug was introduced with e18d4e8 ("BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3"). This fix must be backported where the mentionned commit was backported. (all maintained versions). --- src/ssl_ckch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 82169507f2..192ad6c666 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -1799,7 +1799,7 @@ static void __ssl_sock_load_new_ckch_instance(struct ckch_inst *ckchi) /* flush the session cache of the server */ for (i = 0; i < global.nbthread; i++) { - ha_free(&ckchi->server->ssl_ctx.reused_sess[tid].sni); + ha_free(&ckchi->server->ssl_ctx.reused_sess[i].sni); ha_free(&ckchi->server->ssl_ctx.reused_sess[i].ptr); } HA_RWLOCK_WRUNLOCK(SSL_SERVER_LOCK, &ckchi->server->ssl_ctx.lock); -- 2.47.3