upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-19 16:36:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

BUG/MINOR: ssl: fix memory leaks on realloc failure in ssl_sock.c
Some checks are pending
Contrib / admin/halog/ (push) Waiting to run
Details
Contrib / dev/flags/ (push) Waiting to run
Details
Contrib / dev/haring/ (push) Waiting to run
Details
Contrib / dev/hpack/ (push) Waiting to run
Details
Contrib / dev/poll/ (push) Waiting to run
Details
VTest / Generate Build Matrix (push) Waiting to run
Details
VTest / (push) Blocked by required conditions
Details
Windows / Windows, gcc, all features (push) Waiting to run
Details

Browse source 
Replace bare realloc() calls with my_realloc2(), which frees the original
pointer on allocation failure, preventing a memory leak when the pointer
is subsequently overwritten with NULL.

Must be backported to 3.3.
This commit is contained in:
Ilia Shipitsin 2026-04-13 18:14:51 +02:00 committed by William Lallemand
parent 0c4b7d7f34
commit 90bfbea7c0
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/ssl_sock.c
View file

@ -3743,7 +3743,7 @@ static void ssl_sock_resize_passphrase_cache(void)
int idx; int idx;
int new_size = passphrase_cache_size << 1; int new_size = passphrase_cache_size << 1;
passphrase_randoms = realloc(passphrase_randoms, sizeof(*passphrase_randoms) * (new_size)); passphrase_randoms = my_realloc2(passphrase_randoms, sizeof(*passphrase_randoms) * (new_size));
if (!passphrase_randoms) { if (!passphrase_randoms) {
ha_alert("ssl_sock_passwd_cb: passphrase randoms realloc failed"); ha_alert("ssl_sock_passwd_cb: passphrase randoms realloc failed");
passphrase_idx = -1; passphrase_idx = -1;
@ -3759,7 +3759,7 @@ static void ssl_sock_resize_passphrase_cache(void)
if (passphrase_cache_size) { if (passphrase_cache_size) {
passphrase_cache_size = new_size; passphrase_cache_size = new_size;
passphrase_cache = realloc(passphrase_cache, sizeof(*passphrase_cache) * passphrase_cache_size); passphrase_cache = my_realloc2(passphrase_cache, sizeof(*passphrase_cache) * passphrase_cache_size);
if (!passphrase_cache) { if (!passphrase_cache) {
ha_alert("ssl_sock_passwd_cb: passphrase cache realloc failed"); ha_alert("ssl_sock_passwd_cb: passphrase cache realloc failed");
passphrase_idx = -1; passphrase_idx = -1;
@ -4251,7 +4251,7 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
if (!ptr || s->ssl_ctx.reused_sess[tid].allocated_size < len) { if (!ptr || s->ssl_ctx.reused_sess[tid].allocated_size < len) {
/* insufficient storage, reallocate */ /* insufficient storage, reallocate */
len = (len + 7) & -8; /* round to the nearest 8 bytes */ len = (len + 7) & -8; /* round to the nearest 8 bytes */
ptr = realloc(ptr, len); ptr = my_realloc2(ptr, len);
if (!ptr) if (!ptr)
free(s->ssl_ctx.reused_sess[tid].ptr); free(s->ssl_ctx.reused_sess[tid].ptr);
s->ssl_ctx.reused_sess[tid].ptr = ptr; s->ssl_ctx.reused_sess[tid].ptr = ptr;