From a290db5706e76f4cdfd20067a8e73805acddeb65 Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Wed, 7 Feb 2024 16:38:44 +0100 Subject: [PATCH] BUG/MINOR: ssl: Destroy ckch instances before the store during deinit The ckch_store's free'ing function might end up calling 'ssl_sock_free_ocsp' if the corresponding certificate had ocsp data. This ocsp cleanup function expects for the 'refcount_instance' member of the certificate_ocsp structure to be 0, meaning that no live ckch instance kept a reference on this certificate_ocsp structure. But since in ckch_store_free we were destroying the ckch_data before destroying the linked instances, the BUG_ON would fail during a standard deinit. Reversing the cleanup order fixes the problem. Must be backported to 2.8. --- src/ssl_ckch.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 1eef87ae2..f32e9b828 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -888,14 +888,14 @@ void ckch_store_free(struct ckch_store *store) if (!store) return; - ssl_sock_free_cert_key_and_chain_contents(store->data); - - ha_free(&store->data); - list_for_each_entry_safe(inst, inst_s, &store->ckch_inst, by_ckchs) { ckch_inst_free(inst); } ebmb_delete(&store->node); + + ssl_sock_free_cert_key_and_chain_contents(store->data); + ha_free(&store->data); + free(store); }
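Review bot: The ordering constraint in ckch_store_free() is undocumented in the code itself: nothing at the moved `ssl_sock_free_cert_key_and_chain_contents(store->data);` call says it has to run after the `list_for_each_entry_safe(...)` loop that calls `ckch_inst_free(inst)`. The commit message gives the reason (ssl_sock_free_ocsp expects 'refcount_instance' to be 0, so the instances must release their references first). A later cleanup could easily move the two lines back to the top of the function, so a short comment above the call would help, stating that the instances must be destroyed before the store's data because of the OCSP refcount check. Separately, `ha_free(&store->data)` directly before `free(store)` is harmless, but resetting the pointer does nothing useful when the containing structure is released on the next line.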