BUG/MINOR: ssl/cli: fix a lock leak when no memory available This bug was introduced in e5ff4ad ("BUG/MINOR: ssl: fix a trash buffer leak in some error cases"). When cli_parse_set_cert() returns because alloc_trash_chunk() failed, it does not unlock the spinlock which can lead to a deadlock later. Must be backported as far as 2.1 where e5ff4ad was backported.

commit: 5ba80d677d563517bb9754c272e6df94adae281b [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Tue May 04 16:17:27 2021 +0200
committer: William Lallemand <wlallemand@haproxy.org> Tue May 04 16:40:44 2021 +0200
tree: 9defbf7d24b8441b9b35b88b3fea13bdf7fdd0bf
parent: 18b2a9dd874b66acca304580047fa6b3c16da1e3 [diff]
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index c41c178..a6f18bd 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c

@@ -1560,8 +1560,11 @@
 	if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
 		return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
 
-	if ((buf = alloc_trash_chunk()) == NULL)
-		return cli_err(appctx, "Can't allocate memory\n");
+	if ((buf = alloc_trash_chunk()) == NULL) {
+		memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
+		errcode |= ERR_ALERT | ERR_FATAL;
+		goto end;
+	}
 
 	if (!chunk_strcpy(buf, args[3])) {
 		memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
commit	5ba80d677d563517bb9754c272e6df94adae281b	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Tue May 04 16:17:27 2021 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Tue May 04 16:40:44 2021 +0200
tree	9defbf7d24b8441b9b35b88b3fea13bdf7fdd0bf
parent	18b2a9dd874b66acca304580047fa6b3c16da1e3 [diff]