From: Emmanuel Hocdet <manu@gandi.net>
Date: Thu, 16 Jan 2020 13:41:36 +0000 (+0100)
Subject: BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak
X-Git-Tag: v2.2-dev1~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0667faebcf55562d86c30af63f36fe86ba58fff9;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak

"set ssl cert <filename.ocsp> <payload>" CLI command must free
previous context.

This patch should be backport to 2.1
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fd350f39c0..7d654bde82 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1106,7 +1106,12 @@ static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, char *bu
 		ocsp_response = NULL;
 		goto end;
 	}
-
+	/* no error, fill ckch with new context, old context must be free */
+	if (ckch->ocsp_response) {
+		free(ckch->ocsp_response->area);
+		ckch->ocsp_response->area = NULL;
+		free(ckch->ocsp_response);
+	}
 	ckch->ocsp_response = ocsp_response;
 	ret = 0;
 end: