From 311e0aa5c712f38700b7b185c0d5f1aa33c48613 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Fri, 9 May 2025 19:01:28 +0200
Subject: [PATCH] BUG/MINOR: ssl/ckch: always free() the previous entry during parsing

The ckch_conf_parse() function is the generic function which parses crt-store keywords from the crt-store section, and also from a crt-list. When having multiple time the same keyword, a leak of the previous value happens. This patch ensure that the previous value is always freed before overwriting it. This patch should be backported as far as 3.0.
---
 src/ssl_ckch.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index ea60bd3f3..cf1357168 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -4870,6 +4870,7 @@ int ckch_conf_parse(char **args, int cur_arg, struct ckch_conf *f, int *found, c
 if (ckch_conf_kws[i].type == PARSE_TYPE_STR) {
 char **t = target;
+ ha_free(t);
 *t = strdup(args[cur_arg + 1]);
 if (!*t) {
 ha_alert("parsing [%s:%d]: out of memory.\n", file, linenum);
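Review bot: The added `ha_free(t)` releases whatever `*t` currently holds, which is only safe if every string field reachable through `target` is either NULL or a heap allocation owned exclusively by this `struct ckch_conf`. That invariant is not visible in the hunk; if any caller pre-fills the structure by shallow copy or with a non-heap default, a repeated keyword would become a double or invalid free instead of a leak, so it is worth confirming on each branch this is backported to. I would state the requirement next to the call, e.g. `/* drop the value set by an earlier occurrence; *t must be NULL or strdup()ed and owned by f */`, which also makes clear that it is the field, not `t` itself, that is released. The change is confined to the `PARSE_TYPE_STR` branch; ckch_conf_parse's body continues outside the hunk, and any other keyword type there that allocates may need the same treatment.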