From d32c8e3ccbd18d200c57458c3023643cdc971ef1 Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Tue, 21 Mar 2023 10:28:34 +0100
Subject: [PATCH] BUG/MINOR: ssl: Fix potential leak in
 cli_parse_update_ocsp_response

In some extremely unlikely case (or even impossible for now), we might
exit cli_parse_update_ocsp_response without raising an error but with a
filled 'err' buffer. It was not properly free'd.

It does not need to be backported.
---
 src/ssl_ocsp.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 979a87b..8a7cb27 100644
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -1397,6 +1397,8 @@ static int cli_parse_update_ocsp_response(char **args, char *payload, struct app
 
 	task_wakeup(ocsp_update_task, TASK_WOKEN_MSG);
 
+	free(err);
+
 	return 0;
 
 end:
-- 
1.7.10.4