BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.
authorOlivier Houchard <cognet@ci0.org>
Fri, 24 Jan 2020 14:17:38 +0000 (15:17 +0100)
committerOlivier Houchard <cognet@ci0.org>
Fri, 24 Jan 2020 14:17:38 +0000 (15:17 +0100)
In ssl_sock_init(), if we fail to allocate the BIO, don't forget to free
the SSL *, or we'd end up with a memory leak.

This should be backported to 2.1 and 2.0.

src/ssl_sock.c

index 5ca59eb4786301c35db4f49fc94f62909d323111..99133f0f9371429b59e0e16fd15dac4b36183331 100644 (file)
@@ -5937,6 +5937,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
                }
                ctx->bio = BIO_new(ha_meth);
                if (!ctx->bio) {
+                       SSL_free(ctx->ssl);
+                       ctx->ssl = NULL;
                        if (may_retry--) {
                                pool_gc(NULL);
                                goto retry_connect;
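Review bot: The free-and-clear pair added under `if (!ctx->bio)` has no comment saying why the SSL object must be released before `goto retry_connect`, and the identical pair is repeated in the accept-side hunk before `goto retry_accept`. Presumably the retry label allocates a fresh SSL into ctx->ssl, so the old object would be overwritten and leaked on each retry under memory pressure; I'd put `/* retry re-allocates ctx->ssl: release it first, and clear it so a later error path cannot free it twice */` above both pairs. The exit taken once `may_retry` is exhausted lies outside the hunk, so it is worth confirming that path neither calls SSL_free() on a stale pointer nor skips releasing ctx itself. ssl_sock_init's body starts and ends outside both hunks.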
@@ -5999,6 +6001,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
                }
                ctx->bio = BIO_new(ha_meth);
                if (!ctx->bio) {
+                       SSL_free(ctx->ssl);
+                       ctx->ssl = NULL;
                        if (may_retry--) {
                                pool_gc(NULL);
                                goto retry_accept;