commit 16aa0153b50cc051432ffd82a86ea0a1e258e650
author mildis <me@mildis.org> Wed Jun 22 17:46:29 2016 +0200
committer Willy Tarreau <w@1wt.eu> Fri Jun 24 15:27:30 2016 +0200
tree a5dafec1f8b5aa1c00d74835021782f20bcaba4e
parent a58c4359bb2d11fcaed27bb3ec1cabd9b16d4ccb

BUG/MINOR: ssl: close ssl key file on error

Explicitly close the FILE opened to read the ssl key file when parsing
fails to find a valid key.

This fix needs to be backported to 1.6.

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6635d5c..88d74d2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5401,6 +5401,7 @@
 		if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
 			if (err)
 				memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
+			fclose(f);
 			return ERR_ALERT | ERR_FATAL;
 		}
 		i++;
@@ -5409,6 +5410,7 @@
 	if (i < TLS_TICKETS_NO) {
 		if (err)
 			memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
+		fclose(f);
 		return ERR_ALERT | ERR_FATAL;
 	}