commit 88acf51a5d44a2359a94678d631e30ea6bff41fe
from: tb <tb@openbsd.org>
date: Thu Apr  2 13:38:24 2026 UTC

relay_tls_ctx_create: plug tls_cfg leak

If the second tls_cfg_new() call fails, the tls_cfg is leaked.

From Jan Schreiber

commit - 4c3a9f7f9d06e22d34bebc20a495ec845a46b824
commit + 88acf51a5d44a2359a94678d631e30ea6bff41fe
blob - e2aa06255720d8329334753d2c8600bd93f21bba
blob + a035f996f0a5b6e031c1cc0d98ef232627bcc9c1
--- relay.c
+++ relay.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: relay.c,v 1.262 2026/03/02 19:28:01 rsadowski Exp $	*/
+/*	$OpenBSD: relay.c,v 1.263 2026/04/02 13:38:24 tb Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -2156,7 +2156,7 @@ relay_tls_ctx_create(struct relay *rlay)
 	}
 	if ((tls_client_cfg = tls_config_new()) == NULL) {
 		log_warnx("unable to allocate TLS config");
-		return (-1);
+		goto err;
 	}
 
 	if (relay_tls_ctx_create_proto(rlay->rl_proto, tls_cfg) == -1)