From 0f06a850ced79244774734ed525b289f2930d9c7 Mon Sep 17 00:00:00 2001
From: Andre lorbach
Date: Thu, 11 May 2023 16:49:11 +0200
Subject: [PATCH] [backport] GNUTls Driver: Fix memory leaks in gtlsInitCred
Missing CA Certificate or multiple Connections caused a memory leak in pThis->xcred as it was allocated each time in gtlsInitCred by gnutls_certificate_allocate_credentials
closes: https://github.com/rsyslog/rsyslog/issues/5135
---
Conflict:NA
Type:bugfix
Reference:https://github.com/rsyslog/rsyslog/commit/3401d687d2d5f9556165b53be79fbe4dc49b8c79
---
---
 runtime/nsd_gtls.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index e003d85d3..91cffb500 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -711,7 +711,10 @@ gtlsInitCred(nsd_gtls_t *const pThis )
 DEFiRet;
 /* X509 stuff */
- CHKgnutls(gnutls_certificate_allocate_credentials(&pThis->xcred));
+ if (pThis->xcred == NULL) {
+ /* Allocate only ONCE */
+ CHKgnutls(gnutls_certificate_allocate_credentials(&pThis->xcred));
+ }
 /* sets the trusted cas file */
 cafile = (pThis->pszCAFile == NULL) ? glbl.GetDfltNetstrmDrvrCAF(runConf) : pThis->pszCAFile;
@@ -2277,7 +2280,12 @@ finalize_it:
 if(pThis->bHaveSess) {
 gnutls_deinit(pThis->sess);
 pThis->bHaveSess = 0;
+ /* Free memory using gnutls api first*/
+ gnutls_certificate_free_credentials(pThis->xcred);
 pThis->xcred = NULL;
+ /* Free other memory */
+ free(pThis->pszConnectHost);
+ pThis->pszConnectHost = NULL;
 }
 }
-- 
2.33.0
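Review bot: The `if (pThis->xcred == NULL)` guard in gtlsInitCred is only correct if `xcred` is NULL-initialised when the object is constructed and reset to NULL on every path that frees it, and nothing in this hunk states that invariant. Replacing `/* Allocate only ONCE */` with something like `/* xcred persists across calls: constructor must set it to NULL and every free must reset it */` would make the assumption reviewable. Reusing the credentials also means the CA-file setup that follows the guard still runs on each call, so the same trust file is presumably loaded into the existing credentials again; if the GnuTLS trust-file call appends rather than replaces, entries accumulate and a CA configured for an earlier call stays trusted. It is worth confirming that behaviour, or moving the trust setup under the same one-time guard. The function body continues outside the hunk, so the trust-loading calls themselves are not visible here.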
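Review bot: The new `gnutls_certificate_free_credentials(pThis->xcred);` under finalize_it is gated only on `bHaveSess`, not on `xcred` having been allocated, and GnuTLS does not document that function as accepting NULL. If the session can exist before gtlsInitCred has succeeded (the ordering is outside this hunk), the error path would pass a NULL pointer; guarding it as `if(pThis->xcred != NULL) { gnutls_certificate_free_credentials(pThis->xcred); pThis->xcred = NULL; }` removes that dependency. Conversely, credentials allocated on a failure path where `bHaveSess` is still 0 are not released here, so the destructor needs to cover that case. The enclosing function and the outer error check start outside the hunk.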