BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. In ssl_sock_init(), if we fail to allocate the BIO, don't forget to free the SSL *, or we'd end up with a memory leak. This should be backported to 2.1 and 2.0. (cherry picked from commit efe5e8e99890b24dcfb8c925d98bf82e2fdf0b9f) Signed-off-by: Willy Tarreau <w@1wt.eu> (cherry picked from commit a95b302da71065e443477c2cbcd852ebb52d6db3) Signed-off-by: Willy Tarreau <w@1wt.eu>

commit: b451b97a043af09d676885c20b30c7a690ddb7e0 [log] [tgz]
author: Olivier Houchard <cognet@ci0.org> Fri Jan 24 15:17:38 2020 +0100
committer: Willy Tarreau <w@1wt.eu> Fri Jan 24 16:08:54 2020 +0100
tree: 35a533ca5c838f9170b6cfc65933b36e5317531d
parent: ba0244b3b03f34821e6e7df7b8b28a2840344fa8 [diff] [blame]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b28c9cd..c487ffc 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -5250,6 +5250,8 @@
 		}
 		ctx->bio = BIO_new(ha_meth);
 		if (!ctx->bio) {
+			SSL_free(ctx->ssl);
+			ctx->ssl = NULL;
 			if (may_retry--) {
 				pool_gc(NULL);
 				goto retry_connect;
@@ -5326,6 +5328,8 @@
 
 		ctx->bio = BIO_new(ha_meth);
 		if (!ctx->bio) {
+			SSL_free(ctx->ssl);
+			ctx->ssl = NULL;
 			if (may_retry--) {
 				pool_gc(NULL);
 				goto retry_accept;
commit	b451b97a043af09d676885c20b30c7a690ddb7e0	[log] [tgz]
author	Olivier Houchard <cognet@ci0.org>	Fri Jan 24 15:17:38 2020 +0100
committer	Willy Tarreau <w@1wt.eu>	Fri Jan 24 16:08:54 2020 +0100
tree	35a533ca5c838f9170b6cfc65933b36e5317531d
parent	ba0244b3b03f34821e6e7df7b8b28a2840344fa8 [diff] [blame]