From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 6 Aug 2020 22:44:32 +0000 (+0200)
Subject: BUG/MINOR: ssl: fix memory leak at OCSP loading
X-Git-Tag: v2.1.9~56
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=319112b7ab7bf583697ce8ccaafd0c0b5b90066d;p=haproxy-2.1.git

BUG/MINOR: ssl: fix memory leak at OCSP loading

Fix a memory leak when loading an OCSP file when the file was already
loaded elsewhere in the configuration.

Indeed, if the OCSP file already exists, a useless chunk_dup() will be
done during the load.

To fix it we reverts "ocsp" to "iocsp" like it was done previously.

This was introduced by commit 246c024 ("MINOR: ssl: load the ocsp
in/from the ckch").

Should fix part of the issue #746.

It must be backported in 2.1 and 2.2.

(cherry picked from commit 86e4d63316de32b964c8b6b453b549532611e7e5)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 742556f1ae840df317533c0154c5393e09a4d120)
Signed-off-by: Willy Tarreau <w@1wt.eu>
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 574cd15..afb0f40 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1325,7 +1325,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc
 	ret = 0;
 
 	warn = NULL;
-	if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) {
+	if (ssl_sock_load_ocsp_response(ckch->ocsp_response, iocsp, cid, &warn)) {
 		memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure");
 		ha_warning("%s.\n", warn);
 	}