From 319112b7ab7bf583697ce8ccaafd0c0b5b90066d Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Fri, 7 Aug 2020 00:44:32 +0200 Subject: [PATCH] BUG/MINOR: ssl: fix memory leak at OCSP loading Fix a memory leak when loading an OCSP file when the file was already loaded elsewhere in the configuration. Indeed, if the OCSP file already exists, a useless chunk_dup() will be done during the load. To fix it we reverts "ocsp" to "iocsp" like it was done previously. This was introduced by commit 246c024 ("MINOR: ssl: load the ocsp in/from the ckch"). Should fix part of the issue #746. It must be backported in 2.1 and 2.2. (cherry picked from commit 86e4d63316de32b964c8b6b453b549532611e7e5) Signed-off-by: Willy Tarreau (cherry picked from commit 742556f1ae840df317533c0154c5393e09a4d120) Signed-off-by: Willy Tarreau --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 574cd15..afb0f40 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1325,7 +1325,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc ret = 0; warn = NULL; - if (ssl_sock_load_ocsp_response(ckch->ocsp_response, ocsp, cid, &warn)) { + if (ssl_sock_load_ocsp_response(ckch->ocsp_response, iocsp, cid, &warn)) { memprintf(&warn, "Loading: %s. Content will be ignored", warn ? warn : "failure"); ha_warning("%s.\n", warn); } -- 1.7.10.4