BUG/MINOR: ssl: Fix leaks in 'update ssl ocsp-response' CLI command

This patch fixes two leaks in the 'update ssl ocsp-response' cli
command. One rather significant one since a whole trash buffer was
allocated for every call of the command, and another more marginal one
in an error path.

This patch does not need to be backported.
Remi Tricot-Le Breton 2023-01-23 15:57:13 +01:00 committed by William Lallemand
parent e06ba90318
commit 305a4f32a5


@ -1378,11 +1378,13 @@ static int cli_parse_update_ocsp_response(char **args, char *payload, struct app
}
free_trash_chunk(req_url);
free_trash_chunk(req_body);
return 0;
end:
free_trash_chunk(req_url);
free_trash_chunk(req_body);
if (errcode & ERR_CODE) {
return cli_dynerr(appctx, memprintf(&err, "%sCan't send ocsp request for %s!\n", err ? err : "", args[3]));
@ -1435,6 +1437,7 @@ static int cli_io_handler_update_ocsp_response(struct appctx *appctx)
if (ssl_ocsp_check_response(ctx->ckch_data->chain, ctx->ocsp_issuer, &hc->res.buf, &err)) {
chunk_printf(&trash, "%s", err);
free(err);
if (applet_putchk(appctx, &trash) == -1)
goto more;
goto end;
@ -1442,11 +1445,13 @@ static int cli_io_handler_update_ocsp_response(struct appctx *appctx)
if (ssl_sock_update_ocsp_response(&hc->res.buf, &err) != 0) {
chunk_printf(&trash, "%s", err);
free(err);
if (applet_putchk(appctx, &trash) == -1)
goto more;
goto end;
}
free(err);
chunk_reset(&trash);
if (ssl_ocsp_response_print(&hc->res.buf, &trash))
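Review bot: In cli_io_handler_update_ocsp_response, each `free(err);` that follows `chunk_printf(&trash, "%s", err);` leaves `err` holding a stale address while control moves on to `goto more` or `goto end`. Both labels lie outside the visible hunks, so it cannot be confirmed here that neither path reads or frees `err` again; if one does, the result is a use-after-free or double free on a CLI-reachable path. Replacing these calls with `ha_free(&err);` frees the string and resets the pointer in one step, which makes any later `free(err)` harmless. The same change fits the unconditional `free(err);` before `chunk_reset(&trash);`, since `err` is still in scope for the rest of the handler.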