From 43c2ce4d81d8184007a8eb49240b81687c213dec Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Wed, 16 Mar 2022 17:48:19 +0100
Subject: [PATCH] BUG/MINOR: server/ssl: free the SNI sample expression

ASAN complains about the SNI expression not being free upon an haproxy
-c. Indeed the httpclient is now initialized with a sni expression and
this one is never free in the server release code.

Must be backported in 2.5 and could be backported in every stable
versions.
---
 src/ssl_sock.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 83c3a38653..19a166aa98 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -69,6 +69,7 @@
 #include <haproxy/ssl_crtlist.h>
 #include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
+#include <haproxy/sample.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream-t.h>
 #include <haproxy/stream_interface.h>
@@ -5445,6 +5446,8 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 	ha_free(&srv->ssl_ctx.verify_host);
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	ha_free(&srv->sni_expr);
+	release_sample_expr(srv->ssl_ctx.sni);
+	srv->ssl_ctx.sni = NULL;
 #endif
 	ha_free(&srv->ssl_ctx.ciphers);
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES