BUG/MINOR: ssl: fix a trash buffer leak in some error cases

Fix a trash buffer leak when we can't take the lock of the ckch, or when
"set ssl cert" is wrongly used.

The bug was mentionned in this thread:
https://www.mail-archive.com/haproxy@formilux.org/msg37539.html

The bug was introduced by commit bc6ca7c ("MINOR: ssl/cli: rework 'set
ssl cert' as 'set/commit'").

Must be backported in 2.1.

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index c59364930c309c0674ecfeba0b32bc7f738adb62..0f3f743ea7d12834fefb66a78b566e37a48a597e 100644 (file)
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1552,9 +1552,6 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
        if (!cli_has_level(appctx, ACCESS_LVL_ADMIN))
                return 1;
 
-       if ((buf = alloc_trash_chunk()) == NULL)
-               return cli_err(appctx, "Can't allocate memory\n");
-
        if (!*args[3] || !payload)
                return cli_err(appctx, "'set ssl cert expects a filename and a certificate as a payload\n");
 
@@ -1563,6 +1560,9 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
        if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
                return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
 
+       if ((buf = alloc_trash_chunk()) == NULL)
+               return cli_err(appctx, "Can't allocate memory\n");
+
        if (!chunk_strcpy(buf, args[3])) {
                memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
                errcode |= ERR_ALERT | ERR_FATAL;