From: William Lallemand Date: Sat, 21 Feb 2026 15:24:22 +0000 (+0100) Subject: BUG/MINOR: acme: wrong labels logic always memprintf errmsg X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d54cda0af691c8f2089be909716b509c3d8f42e;p=thirdparty%2Fhaproxy.git BUG/MINOR: acme: wrong labels logic always memprintf errmsg In acme_req_finalize(), acme_req_challenge(), acme_req_neworder(), acme_req_account(), and acme_post_as_get(), the success path always calls unconditionally memprintf(errmsg, ...). This may result in a leak of errmsg. Additionally, acme_res_chkorder(), acme_res_finalize(), acme_res_auth(), and acme_res_neworder() had unused 'out:' labels that were removed. Must be backported as far as 3.2. --- diff --git a/src/acme.c b/src/acme.c index 437e61068..b274dd2f8 100644 --- a/src/acme.c +++ b/src/acme.c @@ -1301,7 +1301,6 @@ int acme_res_chkorder(struct task *task, struct acme_ctx *ctx, char **errmsg) goto error; }; -out: ret = 0; error: @@ -1354,11 +1353,11 @@ int acme_req_finalize(struct task *task, struct acme_ctx *ctx, char **errmsg) if (acme_http_req(task, ctx, ctx->finalize, HTTP_METH_POST, hdrs, ist2(req_out->area, req_out->data))) goto error; - ret = 0; + goto out; error: memprintf(errmsg, "couldn't request the finalize URL"); - +out: free_trash_chunk(req_in); free_trash_chunk(req_out); free_trash_chunk(csr); @@ -1410,7 +1409,7 @@ int acme_res_finalize(struct task *task, struct acme_ctx *ctx, char **errmsg) memprintf(errmsg, "invalid HTTP status code %d when getting Finalize URL", hc->res.status); goto error; } -out: + ret = 0; error: @@ -1453,9 +1452,10 @@ int acme_req_challenge(struct task *task, struct acme_ctx *ctx, struct acme_auth goto error; ret = 0; + goto out; error: memprintf(errmsg, "couldn't generate the Challenge request"); - +out: free_trash_chunk(req_in); free_trash_chunk(req_out); @@ -1571,6 +1571,8 @@ int acme_post_as_get(struct task *task, struct acme_ctx *ctx, struct ist url, ch ret = 0; + goto end; + error_jws: memprintf(errmsg, "couldn't generate the JWS token: %s", errmsg ? *errmsg : ""); goto end; @@ -1759,7 +1761,6 @@ int acme_res_auth(struct task *task, struct acme_ctx *ctx, struct acme_auth *aut break; } -out: ret = 0; error: @@ -1811,9 +1812,10 @@ int acme_req_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg) goto error; ret = 0; + goto out; error: memprintf(errmsg, "couldn't generate the newOrder request"); - +out: free_trash_chunk(req_in); free_trash_chunk(req_out); @@ -1921,7 +1923,6 @@ int acme_res_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg) goto error; } -out: ret = 0; error: @@ -1973,9 +1974,10 @@ int acme_req_account(struct task *task, struct acme_ctx *ctx, int newaccount, ch goto error; ret = 0; + goto out; error: memprintf(errmsg, "couldn't generate the newAccount request"); - +out: free_trash_chunk(req_in); free_trash_chunk(req_out);