From 23cab33b67dd9dc76de936f47dfa23b1a8ee40e5 Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Wed, 7 Feb 2024 16:38:42 +0100 Subject: [PATCH] BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line When deleting a crt-list line through a "del ssl crt-list" call on the CLI, we ended up free'ing the corresponding ckch instances without fully clearing their contents. It left some dangling references on other objects because the attache SSL_CTX was not deleted, as well as all the ex_data referenced by it (OCSP responses for instance). This patch can be backported up to branch 2.4. --- src/ssl_crtlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c index 25c859bb1b..bebaccae04 100644 --- a/src/ssl_crtlist.c +++ b/src/ssl_crtlist.c @@ -1530,7 +1530,7 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc LIST_DELETE(&link_ref->list); free(link_ref); } - free(inst); + ckch_inst_free(inst); } crtlist_free_filters(entry->filters); -- 2.39.5