Hi Bianca!
On Fri, Apr 24, 2026 at 11:04:03PM +0000, Bianca Dogareci wrote:
> Please find attached a patch fixing a memory leak when realloc() fails
> in ssl_ckch.c.
> Fix three instances of the classic realloc() bug in ckchs_dup() and
> ckch_conf_parse() where overwriting the original pointer with NULL
> on allocation failure loses reference to the original memory block.
>
> Use temporary pointers to check realloc() result before updating
> the original pointer. This prevents memory leaks when realloc()
> fails.
You're right about this, thanks!
HAProxy has a my_realloc2() function that does the same thing but also
frees the original pointer on failure, to make the handling of failures of
realloc() simpler.
Could please adjust your patch for my_realloc2?
> diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
> index 122d314e6..47b3250b1 100644
> --- a/src/ssl_ckch.c
> +++ b/src/ssl_ckch.c
> @@ -1098,9 +1098,10 @@ struct ckch_store *ckchs_dup(const struct ckch_store
> *src)
> /* copy the array of domain strings */
>
> while (src->conf.acme.domains[n]) {
> - r = realloc(r, sizeof(char *) * (n + 2));
> - if (!r)
> + char **new_r = realloc(r, sizeof(char *) * (n + 2));
> + if (!new_r)
> goto error;
> + r = new_r;
>
> r[n] = strdup(src->conf.acme.domains[n]);
> if (!r[n]) {
--
Egor Shestakov
egor ascii(0x40) ved1 ascii(0x2E) me
