From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 26 Apr 2022 13:44:53 +0000 (+0200)
Subject: BUG/MINOR: ssl: free the cafile entries on deinit
X-Git-Tag: v2.6-dev8~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0c4827;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: free the cafile entries on deinit

The cafile_tree was never free upon deinit, making valgrind and ASAN
complains when haproxy quits.

This could be backported as far as 2.2 but it requires the
ssl_store_delete_cafile_entry() helper from
5daff3c8abc658760a0d0c5fbbc633bfff1afe44.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 94d11e8eab..589e691175 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -3769,7 +3769,9 @@ void ckch_deinit()
 {
 	struct eb_node *node, *next;
 	struct ckch_store *store;
+	struct ebmb_node *canode;
 
+	/* deinit the ckch stores */
 	node = eb_first(&ckchs_tree);
 	while (node) {
 		next = eb_next(node);
@@ -3777,6 +3779,16 @@ void ckch_deinit()
 		ckch_store_free(store);
 		node = next;
 	}
+
+	/* deinit the ca-file store */
+	canode = ebmb_first(&cafile_tree);
+	while (canode) {
+		struct cafile_entry *entry = NULL;
+
+		entry = ebmb_entry(canode, struct cafile_entry, node);
+		canode = ebmb_next(canode);
+		ssl_store_delete_cafile_entry(entry);
+	}
 }
 
 /* register cli keywords */