BUG/MINOR: ssl/cli: fix a lock leak when no memory available

This bug was introduced in e5ff4ad ("BUG/MINOR: ssl: fix a trash buffer
leak in some error cases").

When cli_parse_set_cert() returns because alloc_trash_chunk() failed, it
does not unlock the spinlock which can lead to a deadlock later.

Must be backported as far as 2.1 where e5ff4ad was backported.

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index c41c1789cf94f6b75361e7bad6862604e9b903f7..a6f18bd7b3f1acf465b2d279518ea1783f413d20 100644 (file)
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1560,8 +1560,11 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
        if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
                return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
 
-       if ((buf = alloc_trash_chunk()) == NULL)
-               return cli_err(appctx, "Can't allocate memory\n");
+       if ((buf = alloc_trash_chunk()) == NULL) {
+               memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
+               errcode |= ERR_ALERT | ERR_FATAL;
+               goto end;
+       }
 
        if (!chunk_strcpy(buf, args[3])) {
                memprintf(&err, "%sCan't allocate memory\n", err ? err : "");