From: William Lallemand Date: Wed, 8 Apr 2020 13:16:51 +0000 (+0200) Subject: BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' X-Git-Tag: v2.2-dev6~27 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24be710609fe24781b489339273beec29114a3b8;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' When deleting the previous SNI entries with 'set ssl cert', the old SSL_CTX' were not free'd, which probably prevent the completion of the free of the X509 in the old ckch_store, because of the refcounts in the SSL library. This bug was introduced by 150bfa8 ("MEDIUM: cli/ssl: handle the creation of SSL_CTX in an IO handler"). Must be backported to 2.1. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index f58a1c0d5b..0ade7c2261 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -12103,6 +12103,8 @@ static int cli_io_handler_commit_cert(struct appctx *appctx) HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock); list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) { + if (sc0->order == 0) /* we only free if it's the first inserted */ + SSL_CTX_free(sc0->ctx); ebmb_delete(&sc0->name); LIST_DEL(&sc0->by_ckch_inst); free(sc0);
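Review bot: the `if (sc0->order == 0)` guard in front of `SSL_CTX_free(sc0->ctx)` in the `list_for_each_entry_safe` loop encodes an ownership rule that the one-line comment does not spell out. As written, correctness depends on exactly one entry per distinct `sc0->ctx` in `ckchi->sni_ctx` having `order == 0`: if a ctx has no such entry it still leaks, and if two entries sharing a ctx both have `order == 0` the same reference is dropped twice. Please expand the comment to say which code assigns `order` and why the first inserted entry is the one holding the reference. Alternatively, since SSL_CTX is reference counted, each sni_ctx could take its own reference with SSL_CTX_up_ref() when it is inserted, so that this loop could free unconditionally without relying on `order`. It is also worth checking the other paths that do `ebmb_delete(&sc0->name)` followed by `free(sc0)` for the same missing free, since the commit message attributes the leak to deleting the previous SNI entries and this hunk covers only `cli_io_handler_commit_cert`.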