From d7610e6dded19223a4c796c55565f5c57cb912d5 Mon Sep 17 00:00:00 2001
From: Dragan Dosen <ddosen@haproxy.com>
Date: Mon, 11 Mar 2024 18:10:01 +0100
Subject: [PATCH] BUG/MINOR: ssl: fix possible ctx memory leak in
 sample_conv_aes_gcm()

The issue was introduced with the commit c31499d74 ("MINOR: ssl: Add
aes_gcm_dec converter").

This must be backported to all stable branches where the above converter
is present, but it may need to be adjusted for older branches because of
code refactoring.
---
 src/ssl_sample.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 42d60ac9d..abe616025 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -280,7 +280,7 @@ static int sample_conv_aes_gcm(const struct arg *arg_p, struct sample *smp, void
 {
 	struct sample nonce, key, aead_tag;
 	struct buffer *smp_trash = NULL, *smp_trash_alloc = NULL;
-	EVP_CIPHER_CTX *ctx;
+	EVP_CIPHER_CTX *ctx = NULL;
 	int size, ret, dec;
 
 	smp_trash_alloc = alloc_trash_chunk();
@@ -407,11 +407,13 @@ static int sample_conv_aes_gcm(const struct arg *arg_p, struct sample *smp, void
 	smp_dup(smp);
 	free_trash_chunk(smp_trash_alloc);
 	free_trash_chunk(smp_trash);
+	EVP_CIPHER_CTX_free(ctx);
 	return 1;
 
 err:
 	free_trash_chunk(smp_trash_alloc);
 	free_trash_chunk(smp_trash);
+	EVP_CIPHER_CTX_free(ctx);
 	return 0;
 }
 #endif