This has been commited, thanks! Erik Lax(e...@halon.se) on 2013.11.19 22:40:38 +0100: > Hi, > > In relayd, if a relay is configured with two "listen on" directives, one > with ssl and one without. In the relay_inherit function the ssl pointers > (cert and key) are copied to the latter, and used/freed even if F_SSL is > not set. This causes a double free later in purge_relay. > > relay "http" { > listen on 127.0.0.1 port 4433 ssl > listen on 127.0.0.1 port 8080 > forward with ssl to 127.0.0.1 port 443 > } > > There following patch fixes this. > > --- usr.sbin/relayd/parse.y.orig Tue Nov 19 22:10:48 2013 > +++ usr.sbin/relayd/parse.y Tue Nov 19 22:09:41 2013 > @@ -2809,6 +2809,12 @@ > rb->rl_conf.port = rc.port; > rb->rl_conf.flags = > (ra->rl_conf.flags & ~F_SSL) | (rc.flags & F_SSL); > + if (!(rb->rl_conf.flags & F_SSL)) { > + rb->rl_ssl_cert = NULL; > + rb->rl_conf.ssl_cert_len = 0; > + rb->rl_ssl_key = NULL; > + rb->rl_conf.ssl_key_len = 0; > + } > TAILQ_INIT(&rb->rl_tables); > > rb->rl_conf.id = ++last_relay_id; >
--