From 1503e053622fa099dde46ced433be0ed6437f990 Mon Sep 17 00:00:00 2001
From: Emmanuel Hocdet <manu@gandi.net>
Date: Wed, 31 Jul 2019 18:30:33 +0200
Subject: [PATCH] BUG/MINOR: ssl: fix ressource leaks on error

Commit 36b84637 "MEDIUM: ssl: split the loading of the certificates"
introduce leaks on fd/memory in case of error.
---
 src/ssl_sock.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4656df0fc9..f38a35f1a7 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3638,8 +3638,9 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
 						if ((ckchn = ckchn_lookup(fp)) == NULL)
 							ckchn =  ckchn_load_cert_file(fp, 1,  err);
 						if (!ckchn)
-							return 1;
-						cfgerr += ssl_sock_load_multi_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
+							cfgerr++;
+						else
+							cfgerr += ssl_sock_load_multi_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
 
 						/* Successfully processed the bundle */
 						goto ignore_entry;
@@ -3650,8 +3651,9 @@ int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err)
 				if ((ckchn = ckchn_lookup(fp)) == NULL)
 					ckchn =  ckchn_load_cert_file(fp, 0,  err);
 				if (!ckchn)
-					return 1;
-				cfgerr += ssl_sock_load_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
+					cfgerr++;
+				else
+					cfgerr += ssl_sock_load_ckchn(fp, ckchn, bind_conf, NULL, NULL, 0, err);
 
 ignore_entry:
 				free(de);
@@ -3854,15 +3856,17 @@ int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct
 
 			ckchn =  ckchn_load_cert_file(crt_path, 0,  err);
 			if (!ckchn)
-				return 1;
-			cfgerr = ssl_sock_load_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
-							 &args[cur_arg], arg - cur_arg - 1, err);
+				cfgerr++;
+			else
+				cfgerr = ssl_sock_load_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
+							     &args[cur_arg], arg - cur_arg - 1, err);
 		} else {
 			ckchn =  ckchn_load_cert_file(crt_path, 1,  err);
 			if (!ckchn)
-				return 1;
-			cfgerr = ssl_sock_load_multi_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
-							  &args[cur_arg], arg - cur_arg - 1, err);
+				cfgerr++;
+			else
+				cfgerr = ssl_sock_load_multi_ckchn(crt_path, ckchn, bind_conf, ssl_conf,
+								   &args[cur_arg], arg - cur_arg - 1, err);
 		}
 
 		if (cfgerr) {
-- 
2.47.3