From f813dab17540836d3b2f1cbdb275927886c06b15 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Mon, 14 Nov 2022 11:36:11 +0100
Subject: [PATCH] BUG/MINOR: ssl:  crt-ignore-err memory leak with 'all'
 parameter

Only allocate "str" if the parameter is not "all" in order to avoid any
memory leak.

No backport needed.
---
 src/cfgparse-ssl.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 8925feaf8..d9e93e440 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -836,15 +836,6 @@ static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, str
 		return ERR_ALERT | ERR_FATAL;
 	}
 
-	/* copy the string to be able to dump the complete one in case of
-	 * error, because strtok_r is writing \0 inside. */
-	str = strdup(p);
-	if (!str) {
-		memprintf(err, "'%s' : Could not allocate memory", args[cur_arg]);
-		return ERR_ALERT | ERR_FATAL;
-
-	}
-
 	if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
 		ignerr = conf->ca_ignerr_bitfield;
 
@@ -853,6 +844,14 @@ static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, str
 		return 0;
 	}
 
+	/* copy the string to be able to dump the complete one in case of
+	 * error, because strtok_r is writing \0 inside. */
+	str = strdup(p);
+	if (!str) {
+		memprintf(err, "'%s' : Could not allocate memory", args[cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+
 	s1 = str;
 	while ((token = strtok_r(s1, ",", &s2))) {
 		s1 = NULL;