BUG/MINOR: ssl: fix double-free on failed realloc in ssl_sock.c

Recent commit 90bfbea7c0 ("BUG/MINOR: ssl: fix memory leaks on realloc
failure in ssl_sock.c") accidentally turned a memory leak in case of
allocation failure into a double-free: the original pointer must no
longer be released. In addition, the allocated_size has to be reset
in case of failure. This needs to be backported to 3.3 like previous
commit.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d818de7aa4e4fd6688783e34537e8a439f1b909f..54a2bb043e3e7142241c9325f2ea27bc557b59a9 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4252,10 +4252,8 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
                        /* insufficient storage, reallocate */
                        len = (len + 7) & -8; /* round to the nearest 8 bytes */
                        ptr = my_realloc2(ptr, len);
-                       if (!ptr)
-                               free(s->ssl_ctx.reused_sess[tid].ptr);
                        s->ssl_ctx.reused_sess[tid].ptr = ptr;
-                       s->ssl_ctx.reused_sess[tid].allocated_size = len;
+                       s->ssl_ctx.reused_sess[tid].allocated_size = ptr ? len : 0;
                }
 
                if (ptr) {