BUG/MINOR: server/ssl: free the SNI sample expression ASAN complains about the SNI expression not being free upon an haproxy -c. Indeed the httpclient is now initialized with a sni expression and this one is never free in the server release code. Must be backported in 2.5 and could be backported in every stable versions.

commit: 43c2ce4d81d8184007a8eb49240b81687c213dec [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Wed Mar 16 17:48:19 2022 +0100
committer: William Lallemand <wlallemand@haproxy.org> Wed Mar 16 18:03:15 2022 +0100
tree: 33751ff8ff7d4251dd981242addbe1332bc01d22
parent: 715c101a196187a4f4c9a60093e30b1a1a434483 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 83c3a38..19a166a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -69,6 +69,7 @@
 #include <haproxy/ssl_crtlist.h>
 #include <haproxy/ssl_sock.h>
 #include <haproxy/ssl_utils.h>
+#include <haproxy/sample.h>
 #include <haproxy/stats.h>
 #include <haproxy/stream-t.h>
 #include <haproxy/stream_interface.h>
@@ -5445,6 +5446,8 @@
 	ha_free(&srv->ssl_ctx.verify_host);
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	ha_free(&srv->sni_expr);
+	release_sample_expr(srv->ssl_ctx.sni);
+	srv->ssl_ctx.sni = NULL;
 #endif
 	ha_free(&srv->ssl_ctx.ciphers);
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
commit	43c2ce4d81d8184007a8eb49240b81687c213dec	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Wed Mar 16 17:48:19 2022 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Wed Mar 16 18:03:15 2022 +0100
tree	33751ff8ff7d4251dd981242addbe1332bc01d22
parent	715c101a196187a4f4c9a60093e30b1a1a434483 [diff]