From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 20 Mar 2020 13:10:17 +0000 (+0100)
Subject: BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'
X-Git-Tag: v2.2-dev5~9
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=67b991d370108f44a88143851f904d78f84a3842;p=haproxy-2.5.git

BUG/MINOR: ssl/cli: free BIO upon error in 'show ssl cert'

Fix a memory leak that could happen upon a "show ssl cert" if notBefore:
or notAfter: failed to extract its ASN1 string.

Introduced by d4f946c ("MINOR: ssl/cli: 'show ssl cert' give information
on the certificates"). 2.2 only.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e5cee53..bf571dd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -11293,6 +11293,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
 		write = BIO_read(bio, tmp->area, tmp->size-1);
 		tmp->area[write] = '\0';
 		BIO_free(bio);
+		bio = NULL;
 		chunk_appendf(out, "%s\n", tmp->area);
 
 		chunk_appendf(out, "notAfter: ");
@@ -11305,6 +11306,7 @@ static int cli_io_handler_show_cert_detail(struct appctx *appctx)
 			goto end;
 		tmp->area[write] = '\0';
 		BIO_free(bio);
+		bio = NULL;
 		chunk_appendf(out, "%s\n", tmp->area);
 
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
@@ -11372,6 +11374,8 @@ end:
 		goto yield;
 	}
 
+	if (bio)
+		BIO_free(bio);
 	free_trash_chunk(tmp);
 	free_trash_chunk(out);
 	return 1;