From d38458d823078355f524c1391931d0a6d77c89a4 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Fri, 19 Jul 2024 12:23:18 -0400
Subject: [PATCH] vtls/rustls: simplify builder cleanup

Don't build `config_builder` just to free the resulting config, free the
builder directly.

When `cr_init_backend` encounters an error condition setting up the
Rustls client configuration it must do something with the
`config_builder` that was constructed earlier to avoid a memory leak.

The previous implementation preferred to use a pattern of building the
builder (thus consuming it) and then freeing the built config (to avoid
a memory leak). However, the purpose/intent is clearer when we just free
the builder directly instead of building it and freeing the result.

Closes #14889
---
 lib/vtls/rustls.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c
index 4a7bf54058..1f9118c3f0 100644
--- a/lib/vtls/rustls.c
+++ b/lib/vtls/rustls.c
@@ -646,8 +646,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
       if(result != RUSTLS_RESULT_OK) {
         failf(data, "rustls: failed to parse trusted certificates from blob");
         rustls_root_cert_store_builder_free(roots_builder);
-        rustls_client_config_free(
-          rustls_client_config_builder_build(config_builder));
+        rustls_client_config_builder_free(config_builder);
         return CURLE_SSL_CACERT_BADFILE;
       }
     }
@@ -658,8 +657,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
       if(result != RUSTLS_RESULT_OK) {
         failf(data, "rustls: failed to load trusted certificates");
         rustls_root_cert_store_builder_free(roots_builder);
-        rustls_client_config_free(
-          rustls_client_config_builder_build(config_builder));
+        rustls_client_config_builder_free(config_builder);
         return CURLE_SSL_CACERT_BADFILE;
       }
     }
@@ -668,8 +666,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
     rustls_root_cert_store_builder_free(roots_builder);
     if(result != RUSTLS_RESULT_OK) {
       failf(data, "rustls: failed to load trusted certificates");
-      rustls_client_config_free(
-        rustls_client_config_builder_build(config_builder));
+      rustls_client_config_builder_free(config_builder);
       return CURLE_SSL_CACERT_BADFILE;
     }
 
@@ -704,8 +701,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data,
     if(result != RUSTLS_RESULT_OK) {
       failf(data, "rustls: failed to load trusted certificates");
       rustls_server_cert_verifier_free(server_cert_verifier);
-      rustls_client_config_free(
-        rustls_client_config_builder_build(config_builder));
+      rustls_client_config_builder_free(config_builder);
       return CURLE_SSL_CACERT_BADFILE;
     }
 
-- 
2.47.3