From b454e908e5ae5bfb86a4dcdc50909374cb5820c9 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 22 Mar 2021 15:09:41 +0100
Subject: [PATCH] MINOR: ssl: use pool_alloc(), not pool_alloc_dirty()

pool_alloc_dirty() is the version below pool_alloc() that never performs
the memory poisonning. It should only be called directly for very large
unstructured areas for which enabling memory poisonning would not bring
anything but could significantly hurt performance (e.g. buffers). Using
this function here will not provide any benefit and will hurt the ability
to debug.

It would be desirable to backport this, although it does not cause any
user-visible bug, it just complicates debugging.
---
 src/ssl_sock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index debd05e6f..83b9d1142 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1763,7 +1763,7 @@ static void ssl_sock_parse_clienthello(struct connection *conn, int write_p, int
 	if (msg + rec_len > end || msg + rec_len < msg)
 		return;
 
-	capture = pool_alloc_dirty(pool_head_ssl_capture);
+	capture = pool_alloc(pool_head_ssl_capture);
 	if (!capture)
 		return;
 	/* Compute the xxh64 of the ciphersuite. */