From 0522264eb46124ba00ed267d65a14d19b55953e4 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Mon, 27 Apr 2026 08:38:31 +0200
Subject: [PATCH] BUG/MINOR: ssl: fix double-free on failed realloc in ssl_sock.c

Recent commit 90bfbea7c0 ("BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_sock.c") accidentally turned a memory leak in case of allocation failure into a double-free: the original pointer must no longer be released. In addition, the allocated_size has to be reset in case of failure. This needs to be backported to 3.3 like previous commit.
---
 src/ssl_sock.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index d818de7aa..54a2bb043 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4252,10 +4252,8 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
 /* insufficient storage, reallocate */
 len = (len + 7) & -8; /* round to the nearest 8 bytes */
 ptr = my_realloc2(ptr, len);
- if (!ptr)
- free(s->ssl_ctx.reused_sess[tid].ptr);
 s->ssl_ctx.reused_sess[tid].ptr = ptr;
- s->ssl_ctx.reused_sess[tid].allocated_size = len;
+ s->ssl_ctx.reused_sess[tid].allocated_size = ptr ? len : 0;
 }
 
 if (ptr) {
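Review bot: The `ptr = my_realloc2(ptr, len);` line still has no comment saying who owns the old buffer when the call fails, which is the misunderstanding behind the double-free described in the commit message. I would add above it `/* my_realloc2() releases the old area itself on failure: never free() it here */` so a later cleanup does not reintroduce the `free()`. Storing NULL and 0 keeps `ptr` and `allocated_size` consistent with each other. The hunk does not show whether any other per-thread field describing the cached session, such as a stored length, is also cleared on this path, because the `if (ptr) {` block and the rest of ssl_sess_new_srv_cb continue outside it. It is worth confirming that every reader of `reused_sess[tid]` tests `ptr` before trusting the remaining fields.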