From e242f3dfb8ae2f27de9d10d90a783df05d5c849b Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipitsine@gmail.com>
Date: Sat, 25 May 2019 03:38:14 +0500
Subject: [PATCH] BUG/MINOR: ssl_sock: Fix memory leak when disabling
 compression

according to manpage:

       sk_TYPE_zero() sets the number of elements in sk to zero. It
       does not free sk so after this call sk is still valid.

so we need to free all elements

[wt: seems like it has been there forever and should be backported
 to all stable branches]
---
 src/ssl_sock.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 651afa3a7..4a0ad7684 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9702,6 +9702,7 @@ __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
 	STACK_OF(SSL_COMP)* cm;
+	int n;
 
 	if (global_ssl.listen_default_ciphers)
 		global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
@@ -9719,7 +9720,11 @@ static void __ssl_sock_init(void)
 	SSL_library_init();
 #endif
 	cm = SSL_COMP_get_compression_methods();
-	sk_SSL_COMP_zero(cm);
+	n = sk_SSL_COMP_num(cm);
+	while (n--) {
+		(void) sk_SSL_COMP_pop(cm);
+	}
+
 #if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
 	ssl_locking_init();
 #endif