mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-07 18:51:21 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: memleak of struct crtlist_entry

Browse Source 
There is a memleak of the entry structure in crtlist_load_cert_dir(), in
the case we can't stat the file, or this is not a regular file. Let's
move the entry allocation so it's done after these tests.

Fix issue #551.
This commit is contained in:
William Lallemand 2020-03-17 20:11:41 +01:00 committed by William Lallemand
parent c62d9ab7cb
commit a64593c80d
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/ssl_sock.c
View File

@ -4478,6 +4478,16 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp") || !strcmp(end, ".sctl") || !strcmp(end, ".key")))
goto ignore_entry;
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
if (stat(fp, &buf) != 0) {
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
err && *err ? *err : "", fp, strerror(errno));
cfgerr |= ERR_ALERT | ERR_FATAL;
goto ignore_entry;
}
if (!S_ISREG(buf.st_mode))
goto ignore_entry;
entry = malloc(sizeof(*entry));
if (entry == NULL) {
memprintf(err, "not enough memory '%s'", fp);
@ -4490,16 +4500,6 @@ static int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct
entry->filters = NULL;
entry->ssl_conf = NULL;
snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
if (stat(fp, &buf) != 0) {
memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
err && *err ? *err : "", fp, strerror(errno));
cfgerr |= ERR_ALERT | ERR_FATAL;
goto ignore_entry;
}
if (!S_ISREG(buf.st_mode))
goto ignore_entry;
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
is_bundle = 0;
/* Check if current entry in directory is part of a multi-cert bundle */