Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 4cf0d3f1e8e2ffc6901dc36644efa31b67d172f1
commit4cf0d3f1e8e2ffc6901dc36644efa31b67d172f1[log] [tgz]
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>Thu Dec 15 15:44:37 2022 +0100
committerWilliam Lallemand <wlallemand@haproxy.org>Thu Dec 15 16:33:43 2022 +0100
treef768beb07c38b244f652273657512e9e5a711b86
parente3d5f9a92b5c1f0affac677f7ef9b8f030dbb64b [diff]
BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain

The certificate chain that gets passed in the SSL_CTX through
SSL_CTX_set1_chain has its reference counter increased by OpenSSL
itself. But since the ssl_sock_load_cert_chain function might create a
brand new certificate chain if none exists in the ckch_data
(sk_X509_new_null), then we ended up returning a new certificate chain
to the caller that was never destroyed.

This patch can be backported to all stable branches but it might need to
be reworked for branches older than 2.4 because of commit ec805a32b9
that refactorized the modified code.
1 file changed
tree: f768beb07c38b244f652273657512e9e5a711b86
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. SUBVERS
  26. VERDATE
  27. VERSION