From: William Lallemand Date: Wed, 2 Apr 2025 07:42:44 +0000 (+0200) Subject: BUG/MINOR: ssl/ckch: leak in error path X-Git-Tag: v3.2-dev9~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e8acf54d49c8076b7571bac7c9601068c62a7b9;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl/ckch: leak in error path fdcb97614cb ("MINOR: ssl/ckch: add substring parser for ckch_conf") introduced a leak in the error path when the strndup fails. This patch fixes issue #2920. No backport needed.
---
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index f5c893e57..4352bfc26 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -4817,13 +4817,13 @@ int ckch_conf_parse(char **args, int cur_arg, struct ckch_conf *f, int *found, c
 if (!r) {
 ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
 err_code |= ERR_ALERT | ERR_ABORT;
- goto out;
+ goto array_err;
 }
 r[n] = strndup(b, e - b);
 if (!r[n]) {
 ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
 err_code |= ERR_ALERT | ERR_ABORT;
- goto out;
+ goto array_err;
 }
 n++;
@@ -4847,6 +4847,15 @@ int ckch_conf_parse(char **args, int cur_arg, struct ckch_conf *f, int *found, c
 // while (*r)
 // fprintf(stderr, "sub: \"%s\"\n", *r++);
+ goto out;
+array_err:
+ while (*r) {
+ char *prev = *r;
+ r++;
+ free(prev);
+ }
+ free(r);
+
 } else if (ckch_conf_kws[i].type == PARSE_TYPE_INT) {
 int *t = target;
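Review bot: The `if (!r)` branch now jumps to `array_err` with `r` equal to NULL, and the cleanup at that label (second hunk) begins with `while (*r)`, so the out-of-memory path dereferences a null pointer instead of returning the error. Either leave this first branch as `goto out;` or make the cleanup tolerate it with a guard such as `if (r) { ... }` around the loop and the final free. The statement that assigns `r` is above the hunk; if it is a direct `r = realloc(r, ...)`, the previous array is already unreachable on failure and would need a temporary pointer to stay freeable — worth confirming against the full function.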
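Review bot: The cleanup loop under `array_err` advances `r` itself, so the closing `free(r)` is handed a pointer past the start of the allocation whenever at least one string was released; that is an invalid free and can corrupt the heap on a path that configuration input can reach under memory pressure. Walk the array with an index or a separate cursor and free the untouched base pointer, for example `for (n = 0; r && r[n]; n++) free(r[n]);` followed by `free(r);` (this assumes `n` is still in scope at the label; its declaration is outside the hunk). The loop depends on the array being NULL-terminated at the failing slot, which holds for the strndup() failure because `r[n]` is NULL there; a short comment saying so at the label would help. The enclosing function starts and ends outside the hunk, so whether the caller's target still refers to this array after the free cannot be checked from here.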