From efe5e8e99890b24dcfb8c925d98bf82e2fdf0b9f Mon Sep 17 00:00:00 2001
From: Olivier Houchard <cognet@ci0.org>
Date: Fri, 24 Jan 2020 15:17:38 +0100
Subject: [PATCH] BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.

In ssl_sock_init(), if we fail to allocate the BIO, don't forget to free
the SSL *, or we'd end up with a memory leak.

This should be backported to 2.1 and 2.0.
---
 src/ssl_sock.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5ca59eb..99133f0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5937,6 +5937,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 		}
 		ctx->bio = BIO_new(ha_meth);
 		if (!ctx->bio) {
+			SSL_free(ctx->ssl);
+			ctx->ssl = NULL;
 			if (may_retry--) {
 				pool_gc(NULL);
 				goto retry_connect;
@@ -5999,6 +6001,8 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 		}
 		ctx->bio = BIO_new(ha_meth);
 		if (!ctx->bio) {
+			SSL_free(ctx->ssl);
+			ctx->ssl = NULL;
 			if (may_retry--) {
 				pool_gc(NULL);
 				goto retry_accept;
-- 
1.7.10.4