RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-03 18:52:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl/cli: memory leak in 'set ssl cert'

Browse Source 
When deleting the previous SNI entries with 'set ssl cert', the old
SSL_CTX' were not free'd, which probably prevent the completion of the
free of the X509 in the old ckch_store, because of the refcounts in the
SSL library.

This bug was introduced by 150bfa8 ("MEDIUM: cli/ssl: handle the
creation of SSL_CTX in an IO handler").

Must be backported to 2.1.
This commit is contained in:
William Lallemand 2020-04-08 15:16:51 +02:00 committed by William Lallemand
parent 41ca930e58
commit 24be710609
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -12103,6 +12103,8 @@ static int cli_io_handler_commit_cert(struct appctx *appctx)
HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
if (sc0->order == 0) /* we only free if it's the first inserted */
SSL_CTX_free(sc0->ctx);
ebmb_delete(&sc0->name);
LIST_DEL(&sc0->by_ckch_inst);
free(sc0);