From f8b7299ee7687612dad7b32b27411b93e057e5b3 Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Mon, 1 Sep 2025 15:13:07 +0200
Subject: [PATCH] BUG/MINOR: server: Duplicate healthcheck's sni inherited from default server
It is not really an issue, but the "check-sni" value inerited from a default server is not duplicated while the paramter value is duplicated during the parsing. So here there is a small leak if several "check-sni" parameters are used on the same server line. The previous value is never released. But to fix this issue, the value inherited from the default server must also be duplicated. At the end it is safer this way and consistant with the parsing of the "sni" parameter. It is harmless so there is no reason to backport this patch.
---
 src/cfgparse-ssl.c | 1 +
 src/check.c | 1 +
 src/server.c | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 0204dca79..583461d6a 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1651,6 +1651,7 @@ static int srv_parse_check_sni(char **args, int *cur_arg, struct proxy *px, stru
 return ERR_ALERT | ERR_FATAL;
 }
+ free(newsrv->check.sni);
 newsrv->check.sni = strdup(args[*cur_arg + 1]);
 if (!newsrv->check.sni) {
 memprintf(err, "'%s' : failed to allocate memory", args[*cur_arg]);
diff --git a/src/check.c b/src/check.c
index c994108ac..186ddb019 100644
--- a/src/check.c
+++ b/src/check.c
@@ -1574,6 +1574,7 @@ void free_check(struct check *check)
 }
 ha_free(&check->pool_conn_name);
+ ha_free(&check->sni);
 ha_free(&check->alpn_str);
 task_destroy(check->task);
diff --git a/src/server.c b/src/server.c
index ccaa1665a..cfdf9cdf2 100644
--- a/src/server.c
+++ b/src/server.c
@@ -2900,7 +2900,8 @@ void srv_settings_cpy(struct server *srv, const struct server *src, int srv_tmpl
 srv->agent.addr = src->agent.addr;
 srv->check.use_ssl = src->check.use_ssl;
 srv->check.port = src->check.port;
- srv->check.sni = src->check.sni;
+ if (src->check.sni != NULL)
+ srv->check.sni = strdup(src->check.sni);
 if (src->check.alpn_str) {
 srv->check.alpn_str = malloc(src->check.alpn_len);
 if (srv->check.alpn_str) {
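Review bot: The result of `strdup(src->check.sni)` in srv_settings_cpy() is never checked, so on allocation failure the server silently keeps a NULL check SNI although the default server configured one, and its TLS health checks would then presumably run without the intended SNI. The function returns void and the alpn_str copy just below tolerates a failed malloc() in the same way, so reporting the error likely needs a change outside this hunk; at minimum a comment such as `/* on allocation failure the inherited check-sni is silently dropped */` would make the behaviour explicit. The `ha_free(&check->sni)` added to free_check() in src/check.c is only safe because each server now owns its copy, so any other assignment that stores a borrowed pointer in check.sni (none is visible in this patch) would turn into a double free; a short ownership comment on the field would help future callers. The body of srv_settings_cpy() starts and ends outside the hunk.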