From: Olivier Houchard Date: Fri, 24 Jan 2020 14:17:38 +0000 (+0100) Subject: BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. X-Git-Tag: v2.2-dev2~73 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efe5e8e99890b24dcfb8c925d98bf82e2fdf0b9f;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. In ssl_sock_init(), if we fail to allocate the BIO, don't forget to free the SSL *, or we'd end up with a memory leak. This should be backported to 2.1 and 2.0. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 5ca59eb478..99133f0f93 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5937,6 +5937,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx) } ctx->bio = BIO_new(ha_meth); if (!ctx->bio) { + SSL_free(ctx->ssl); + ctx->ssl = NULL; if (may_retry--) { pool_gc(NULL); goto retry_connect; @@ -5999,6 +6001,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx) } ctx->bio = BIO_new(ha_meth); if (!ctx->bio) { + SSL_free(ctx->ssl); + ctx->ssl = NULL; if (may_retry--) { pool_gc(NULL); goto retry_accept;
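Review bot: In the first hunk (@@ -5937, the branch that jumps to retry_connect), the added SSL_free(ctx->ssl) sits before the may_retry-- test, so it also runs on the retry path; that is only correct if the code at retry_connect allocates a fresh SSL instead of reusing ctx->ssl, and that label is outside the visible context. A one-line comment above the two added lines stating that the retry path re-creates the SSL object would document the dependency. Keeping the ctx->ssl = NULL assignment is worthwhile, because a later SSL_free() on the same field then becomes a no-op rather than a double free.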
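Review bot: The second hunk (@@ -5999, the branch that jumps to retry_accept) repeats the two-line cleanup from the connect path verbatim, and the leak being fixed existed in both copies of the if (!ctx->bio) block. Consider moving the release (SSL_free(ctx->ssl); ctx->ssl = NULL;) into a small static helper called from both branches, so that a later change to the BIO_new() failure handling cannot be applied to one path and missed in the other.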