commit f176a2a12f611cf3ce97d9cdc73d17456e0d22ba
author Aurelien DARRAGON <adarragon@haproxy.com> Tue Jun 04 15:15:29 2024 +0200
committer Amaury Denoyelle <adenoyelle@haproxy.com> Thu Jun 06 18:49:32 2024 +0200
tree 0e4398fc240c9da0e42900fa7c883f88b3845ec9
parent 5bb4175a207ea16165aecf1e951f722ab0a4000d

BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path

in hlua_ckch_commit_yield() and hlua_ckch_set(), when an error occurs,
we enter the error path and try to raise an error from the <err> msg
pointer which must be freed afterwards.

However, the fact that luaL_error() never returns was overlooked, because
of that <err> msg is never freed in such case.

To fix the issue, let's use hlua_pushfstring_safe() helper to push the
err on the lua stack and then free it before throwing the error using
lua_error().

It should be backported up to 2.6 with 30fcca18 ("MINOR: ssl/lua:
CertCache.set() allows to update an SSL certificate file")

(cherry picked from commit 755c2daf0f88885fd6825c55ae59198726c4905e)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 8b8fb7776eb7b28b07e6d5c3439f3725c9342cb4)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>
(cherry picked from commit 8834a30910a14af47d74b77369aae5dd9452fbfa)
Signed-off-by: Amaury Denoyelle <adenoyelle@haproxy.com>

src/hlua.c

diff --git a/src/hlua.c b/src/hlua.c
index 0ea1a45..8f759a3 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -13072,8 +13072,9 @@
 error:
 	ckch_store_free(new_ckchs);
 	HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
-	WILL_LJMP(luaL_error(L, "%s", err));
+	hlua_pushfstring_safe(L, "%s", err);
 	free(err);
+	WILL_LJMP(lua_error(L));
 
 	return 0;
 }
@@ -13216,7 +13217,9 @@
 
 	if (errcode & ERR_CODE) {
 		ckch_store_free(new_ckchs);
-		WILL_LJMP(luaL_error(L, "%s", err));
+		hlua_pushfstring_safe(L, "%s", err);
+		free(err);
+		WILL_LJMP(lua_error(L));
 	}
 	free(err);