mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: memory leak when find_chain is NULL

Browse Source 
This bug was introduced by 85888573 "BUG/MEDIUM: ssl: chain must be
initialized with sk_X509_new_null()". No need to set find_chain with
sk_X509_new_null(), use find_chain conditionally to fix issue #516.

This bug was referenced by issue #559.

[wla: fix some alignment/indentation issue]
This commit is contained in:
Emmanuel Hocdet 2020-03-23 10:31:47 +01:00 committed by William Lallemand
parent 3328f18596
commit f4f14eacd3
1 changed files with 21 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl_sock.c
View File

@ -3634,11 +3634,8 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_an
find_chain = issuer->chain; find_chain = issuer->chain;
} }
/* If we didn't find a chain we *MUST* use an empty X509 structure */
if (find_chain == NULL)
find_chain = sk_X509_new_null();
/* Load all certs in the ckch into the ctx_chain for the ssl_ctx */ /* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
if (find_chain)
#ifdef SSL_CTX_set1_chain #ifdef SSL_CTX_set1_chain
if (!SSL_CTX_set1_chain(ctx, find_chain)) { if (!SSL_CTX_set1_chain(ctx, find_chain)) {
memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n", memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",