BUG/MEDIUM: ssl: fix ssl_bind_conf double free
Since commit 2954c47 ("MEDIUM: ssl: allow crt-list caching"), the
ssl_bind_conf is allocated directly in the crt-list, and the crt-list
can be shared between several bind_conf. The deinit() code wasn't
changed to handle that.
This patch fixes the issue by removing the free of the ssl_conf in
ssl_sock_free_all_ctx().
It should be completed with a patch that free the ssl_conf and the
crt-list.
Fix issue #700.
diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index d54469c..cc7a7aa 100644
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -134,7 +134,7 @@
unsigned int neg:1; /* reject if match */
unsigned int wild:1; /* wildcard sni */
struct pkey_info kinfo; /* pkey info */
- struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
+ struct ssl_bind_conf *conf; /* ptr to a crtlist's ssl_conf, must not be free from here */
struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
struct ckch_inst *ckch_inst; /* instance used to create this sni_ctx */
struct ebmb_node name; /* node holding the servername value */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 322613c..715ae9d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4763,11 +4763,6 @@
back = ebmb_next(node);
ebmb_delete(node);
SSL_CTX_free(sni->ctx);
- if (!sni->order) { /* only free the CTX conf on its first occurrence */
- ssl_sock_free_ssl_conf(sni->conf);
- free(sni->conf);
- sni->conf = NULL;
- }
free(sni);
node = back;
}