]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 52d8ee8)
BUG/MINOR: acme: free() DER buffer on a2base64url error path
authorWilliam Lallemand <wlallemand@haproxy.com>
Mon, 23 Mar 2026 13:02:48 +0000 (14:02 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 23 Mar 2026 13:39:55 +0000 (14:39 +0100)
In acme_req_finalize() the data buffer is only freed when a2base64url
succeed. This patch moves the allocation so it free() the DER buffer in
every cases.

Must be backported to 3.2 and later.

src/acme.c patch | blob | blame | history

diff --git a/src/acme.c b/src/acme.c
index 943ca22ab9299f5673dd11b61a3befb33c9e5216..c0256afffe6d96cb81dc617ebd8257f90cc45bee 100644 (file)
--- a/src/acme.c
+++ b/src/acme.c
@@ -1343,7 +1343,6 @@ int acme_req_finalize(struct task *task, struct acme_ctx *ctx, char **errmsg)
        csr->data = ret;
 
        chunk_printf(req_in, "{ \"csr\": \"%.*s\" }", (int)csr->data, csr->area);
-       OPENSSL_free(data);
 
 
        if (acme_jws_payload(req_in, ctx->nonce, ctx->finalize, ctx->cfg->account.pkey, ctx->kid, req_out, errmsg) != 0)
@@ -1357,6 +1356,7 @@ int acme_req_finalize(struct task *task, struct acme_ctx *ctx, char **errmsg)
 error:
        memprintf(errmsg, "couldn't request the finalize URL");
 out:
+       OPENSSL_free(data);
        free_trash_chunk(req_in);
        free_trash_chunk(req_out);
        free_trash_chunk(csr);
Mirror of https://github.com/haproxy/haproxy.git