On Fri, Jun 05, 2020 at 09:20:12PM +0200, Willy Tarreau wrote:
> On Fri, Jun 05, 2020 at 08:47:41PM +0200, Willy Tarreau wrote:
> > What I'm suspecting is that an error path is wrong in a function calling
> > alloc_trash_chunk(), we'll have to audit them a little bit :-/
> 
> OK I found a few here in cli_parse_set_cert() which is used when changing
> certificates from the CLI:
> 
> 
>       if ((buf = alloc_trash_chunk()) == NULL)
>               return cli_err(appctx, "Can't allocate memory\n");
> 
>       if (!*args[3] || !payload)
>               return cli_err(appctx, "'set ssl cert expects a filename and a certificat as a payload\n");
> 
>       /* The operations on the CKCH architecture are locked so we can
>        * manipulate ckch_store and ckch_inst */
>       if (HA_SPIN_TRYLOCK(CKCH_LOCK, &ckch_lock))
>               return cli_err(appctx, "Can't update the certificate!\nOperations on certificates are currently locked!\n");
> 
> These two errors will leak a trash. When I say that I hate seeing more
> than one return statement in a function! Teachers hate gotos because
> they don't fix bugs, but when you troubleshoot you quickly hate return :-)
> 
> I didn't find any other one. Are you using "set ssl cert" on the CLI?
> I hope it's only that, it will be easy to fix. CCing William just in case.
>

I fixed the issue, the patch will come in the 2.1.6 which will be
released today.

-- 
William Lallemand
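
The leak pattern discussed in the quoted message, as an added example that is not part of the original thread and is not HAProxy code: an early return after an allocation skips the release, while a single exit path always reaches it. The allocator, function names and sample arguments below are constructed stand-ins.

```c
#include <stdio.h>

/* Constructed stand-in for a pooled scratch-buffer allocator (not HAProxy code). */
static char storage[64];
static int outstanding;              /* chunks handed out and not yet released */

static void *chunk_get(void) { outstanding++; return storage; }
static void chunk_put(void *p) { if (p) outstanding--; }

/* Same shape as the quoted code: early returns after the allocation. */
static int set_cert_leaky(const char *file, const char *payload, int locked) {
    void *buf = chunk_get();
    if (!buf) return -1;
    if (!file || !*file || !payload) return -2;   /* buf is never released */
    if (locked) return -3;                        /* buf is never released */
    chunk_put(buf);
    return 0;
}

/* Single exit: every path after the allocation passes through the release. */
static int set_cert_single_exit(const char *file, const char *payload, int locked) {
    int ret = 0;
    void *buf = chunk_get();
    if (!buf) return -1;
    if (!file || !*file || !payload) { ret = -2; goto out; }
    if (locked) { ret = -3; goto out; }
out:
    chunk_put(buf);
    return ret;
}

/* Hit both error paths n times each; return the chunks left outstanding. */
static int leaked_after(int (*fn)(const char *, const char *, int), int n) {
    outstanding = 0;
    for (int i = 0; i < n; i++) {
        fn("", NULL, 0);             /* missing filename and payload */
        fn("site.pem", "PEM", 1);    /* lock already held */
    }
    return outstanding;
}

int main(void) {
    printf("leaky: %d outstanding\n", leaked_after(set_cert_leaky, 100));
    printf("single exit: %d outstanding\n", leaked_after(set_cert_single_exit, 100));
    return 0;
}
```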
