From: Willy Tarreau <w@1wt.eu>
Date: Mon, 22 Mar 2021 14:09:41 +0000 (+0100)
Subject: MINOR: ssl: use pool_alloc(), not pool_alloc_dirty()
X-Git-Tag: v2.4-dev14~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b454e908e5ae5bfb86a4dcdc50909374cb5820c9;p=thirdparty%2Fhaproxy.git

MINOR: ssl: use pool_alloc(), not pool_alloc_dirty()

pool_alloc_dirty() is the version below pool_alloc() that never performs
the memory poisonning. It should only be called directly for very large
unstructured areas for which enabling memory poisonning would not bring
anything but could significantly hurt performance (e.g. buffers). Using
this function here will not provide any benefit and will hurt the ability
to debug.

It would be desirable to backport this, although it does not cause any
user-visible bug, it just complicates debugging.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index debd05e6f5..83b9d11422 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1763,7 +1763,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int
 	if (msg + rec_len > end || msg + rec_len < msg)
 		return;
 
-	capture = pool_alloc_dirty(pool_head_ssl_capture);
+	capture = pool_alloc(pool_head_ssl_capture);
 	if (!capture)
 		return;
 	/* Compute the xxh64 of the ciphersuite. */