From: Emmanuel Hocdet <manu@gandi.net>
Date: Thu, 16 Jan 2020 13:45:00 +0000 (+0100)
Subject: BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak
X-Git-Tag: v2.2-dev1~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb73dc34bbfbb5ffe8d9f3eb9d07fe981c938d8f;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak

"set ssl cert <filename.issuer> <payload>" CLI command must free
previous context.

This patch should be backport to 2.1
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 7d654bde82..e2c58a50fb 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3237,8 +3237,11 @@ static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, stru
 		          err && *err ? *err : "", path);
 		goto end;
 	}
-	ret = 0;
+	/* no error, fill ckch with new context, old context must be free */
+	if (ckch->ocsp_issuer)
+		X509_free(ckch->ocsp_issuer);
 	ckch->ocsp_issuer = issuer;
+	ret = 0;
 
 end: