From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 26 Apr 2022 13:57:33 +0000 (+0200)
Subject: BUG/MINOR: ssl: memory leak when trying to load a directory with ca-file
X-Git-Tag: v2.6-dev8~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cfbf3c014cf013542533d46b21ccc518ad8866c;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: memory leak when trying to load a directory with ca-file

This patch fixes a memory leak of the ca structure when trying to load a
directory with the ca-file directive.

No backport needed.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 589e691175..447fdbb568 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1168,11 +1168,13 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
 				if (X509_STORE_add_cert(store, ca) == 0)
 					goto scandir_err;
 
+				X509_free(ca);
 				BIO_free(in);
 				free(de);
 				continue;
 
 scandir_err:
+				X509_free(ca);
 				BIO_free(in);
 				free(de);
 				ha_warning("ca-file: '%s' couldn't load '%s'\n", path, trash.area);