CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free
In ssl_sock_free_srv_ctx() there are some calls to free() which are not
followed by a zeroing of the pointers. For now this function is only used
during deinit but it could be used at run time in the near future, so
better secure this.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 580c6fe..b10281a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4996,22 +4996,24 @@
{
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
if (srv->ssl_ctx.alpn_str)
- free(srv->ssl_ctx.alpn_str);
+ ha_free(&srv->ssl_ctx.alpn_str);
#endif
#ifdef OPENSSL_NPN_NEGOTIATED
if (srv->ssl_ctx.npn_str)
- free(srv->ssl_ctx.npn_str);
+ ha_free(&srv->ssl_ctx.npn_str);
#endif
if (srv->ssl_ctx.reused_sess) {
int i;
for (i = 0; i < global.nbthread; i++)
- free(srv->ssl_ctx.reused_sess[i].ptr);
- free(srv->ssl_ctx.reused_sess);
+ ha_free(&srv->ssl_ctx.reused_sess[i].ptr);
+ ha_free(&srv->ssl_ctx.reused_sess);
}
- if (srv->ssl_ctx.ctx)
+ if (srv->ssl_ctx.ctx) {
SSL_CTX_free(srv->ssl_ctx.ctx);
+ srv->ssl_ctx.ctx = NULL;
+ }
}
/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
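Review bot: Nothing visible in this function serialises against other threads, so resetting the pointers in the `reused_sess` loop and after `SSL_CTX_free()` only protects against a second call freeing the same memory again. It does not protect a thread that is still reading `srv->ssl_ctx.reused_sess[i].ptr` or `srv->ssl_ctx.ctx` while the free runs. Since the commit message anticipates run-time use, I would state that contract in the function's header comment, for example `/* The caller must guarantee that no other thread still uses srv->ssl_ctx: the pointers are released and reset without any locking. */`. The signature and any existing header comment are outside the hunk, so this may already be documented there. As a minor style point, the `if (srv->ssl_ctx.alpn_str)` and `if (srv->ssl_ctx.npn_str)` guards are redundant in front of `ha_free()`, because freeing a NULL pointer is a no-op.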