From: Theo Buehler <tb@theobuehler.org>
Subject: Re: relayd: free tls_cfg on error
To: Jan Schreiber <jes@posteo.de>
Cc: tech@openbsd.org
Date: Thu, 2 Apr 2026 15:42:28 +0200

On Wed, Apr 01, 2026 at 08:13:23PM +0000, Jan Schreiber wrote:
> Hi,
> 
> to me it looks like tls_cfg is not freed when the early return happens.

Right. Mixing early returns and goto err is often a bit of a smell
because it is error prone. I would probably initialize both tls_cfg
and tls_client_cfg to NULL at the top and use goto err throughout.

Committed as is. Thanks.

> This patch uses goto err like the other parts of the function.
> 
> diff --git usr.sbin/relayd/relay.c usr.sbin/relayd/relay.c
> index e2aa0625572..fcb1336aeef 100644
> --- usr.sbin/relayd/relay.c
> +++ usr.sbin/relayd/relay.c
> @@ -2156,7 +2156,7 @@ relay_tls_ctx_create(struct relay *rlay)
>         }
>         if ((tls_client_cfg = tls_config_new()) == NULL) {
>                 log_warnx("unable to allocate TLS config");
> -               return (-1);
> +               goto err;
>         }
>