RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-25 04:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: double free on error for ckch->{key,cert}

Browse Source 
On last error in ssl_sock_load_pem_into_ckch, key/cert are released
and ckch->{key,cert} are released in ssl_sock_free_cert_key_and_chain_contents.
This commit is contained in:
Emmanuel Hocdet 2019-10-25 11:55:03 +02:00 committed by William Lallemand
parent ed17f47c71
commit 83cbd3c89f
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/ssl_sock.c
View File

@ -3097,7 +3097,7 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
{
BIO *in = NULL;
int ret = 1;
X509 *ca = NULL;
X509 *ca;
X509 *cert = NULL;
EVP_PKEY *key = NULL;
DH *dh;
@ -3172,10 +3172,12 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
if (ckch->key) /* free the previous key */
EVP_PKEY_free(ckch->key);
ckch->key = key;
key = NULL;
if (ckch->cert) /* free the previous cert */
X509_free(ckch->cert);
ckch->cert = cert;
cert = NULL;
/* Look for a Certificate Chain */
ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
@ -3215,12 +3217,10 @@ end:
ERR_clear_error();
if (in)
BIO_free(in);
if (ret != 0) {
if (key)
EVP_PKEY_free(key);
if (cert)
X509_free(cert);
}
if (key)
EVP_PKEY_free(key);
if (cert)
X509_free(cert);
return ret;
}