From 8621ac5570a7cd225005f35808616d28a9774e88 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 8 Apr 2020 17:38:27 +0200
Subject: [PATCH] BUG/MINOR: ssl: memleak of the struct cert_key_and_chain

Free the struct cert_key_and_chain when calling ckchs_free(),
a memory leak can occur when using 'commit ssl cert'.

Must be backported to 2.1.
---
 src/ssl_sock.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 58776eec36..8f84c676bf 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3762,12 +3762,16 @@ void ckchs_free(struct ckch_store *ckchs)
 	if (ckchs->multi) {
 		int n;
 
-		for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
+		for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
 			ssl_sock_free_cert_key_and_chain_contents(&ckchs->ckch[n]);
+		}
+		free(ckchs->ckch);
+		ckchs->ckch = NULL;
 	} else
 #endif
 	{
 		ssl_sock_free_cert_key_and_chain_contents(ckchs->ckch);
+		free(ckchs->ckch);
 		ckchs->ckch = NULL;
 	}