From a2ec192de38eba294189bf94b76dbb2c4cf9a55b Mon Sep 17 00:00:00 2001 From: Miroslav Zagorac Date: Wed, 2 Nov 2022 16:11:50 +0100 Subject: [PATCH] BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file The memory for the SSL ca_file was allocated only once (in the function httpclient_create_proxy()) and that pointer was assigned to each created proxy that the HTTP client uses. This would not be a problem if this memory was not freed in each individual proxy when it was deinitialized in the function ssl_sock_free_srv_ctx(). Memory allocation: src/http_client.c, function httpclient_create_proxy(): 1277: if (!httpclient_ssl_ca_file) 1278: httpclient_ssl_ca_file = strdup("@system-ca"); 1280: srv_ssl->ssl_ctx.ca_file = httpclient_ssl_ca_file; Memory deallocation: src/ssl_sock.c, function ssl_sock_free_srv_ctx(): 5613: ha_free(&srv->ssl_ctx.ca_file); This should be backported to version 2.6. --- src/http_client.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/http_client.c b/src/http_client.c index 92a4ed6dd..88375e954 100644 --- a/src/http_client.c +++ b/src/http_client.c @@ -1274,10 +1274,7 @@ struct proxy *httpclient_create_proxy(const char *id) /* if the verify is required, try to load the system CA */ if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) { - if (!httpclient_ssl_ca_file) - httpclient_ssl_ca_file = strdup("@system-ca"); - - srv_ssl->ssl_ctx.ca_file = httpclient_ssl_ca_file; + srv_ssl->ssl_ctx.ca_file = strdup(httpclient_ssl_ca_file ? httpclient_ssl_ca_file : "@system-ca"); if (!ssl_store_load_locations_file(srv_ssl->ssl_ctx.ca_file, 1, CAFILE_CERT)) { /* if we failed to load the ca-file, only quits in * error with hard_error, otherwise just disable the