mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 20:46:11 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command

Browse Source 
When calling the "show ssl ocsp-response" CLI command some OpenSSL
objects need to be created in order to get some information related to
the OCSP response and some of them were not freed.

It should be backported to 2.5.
This commit is contained in:
Remi Tricot-Le Breton 2022-02-16 15:03:51 +01:00 committed by William Lallemand
parent a9a591ab3d
commit 8081b67699
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/ssl_sock.c
View File

@ -7511,9 +7511,12 @@ static int cli_io_handler_show_ocspresponse(struct appctx *appctx)
/* Decode the certificate ID (serialized into the key). */
d2i_OCSP_CERTID(&certid, &p, ocsp->key_length);
if (!certid)
goto end;
/* Dump the CERTID info */
ocsp_certid_print(bio, certid, 1);
OCSP_CERTID_free(certid);
write = BIO_read(bio, tmp->area, tmp->size-1);
/* strip trailing LFs */
while (write > 0 && tmp->area[write-1] == '\n')
@ -7580,7 +7583,7 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
resp = d2i_OCSP_RESPONSE(NULL, &p, ocsp_response->data);
if (!resp) {
chunk_appendf(out, "Unable to parse OCSP response");
return -1;
goto end;
}
if (OCSP_RESPONSE_print(bio, resp, 0) != 0) {
@ -7623,9 +7626,12 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
retval = (b_istput(out, ist_block) <= 0);
}
end:
if (bio)
BIO_free(bio);
OCSP_RESPONSE_free(resp);
return retval;
}