Repository: trafficserver Updated Branches: refs/heads/master 325d1de3c -> 7d11e005d
Fix SSL session cache leak under lock contention Coverity CID #1254820 Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/79181c0d Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/79181c0d Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/79181c0d Branch: refs/heads/master Commit: 79181c0dd6868e73e6427819ef020261faeecb28 Parents: d823954 Author: James Peach <[email protected]> Authored: Mon Dec 29 21:36:06 2014 -0800 Committer: James Peach <[email protected]> Committed: Fri Jan 2 12:45:51 2015 -0800 ---------------------------------------------------------------------- iocore/net/SSLSessionCache.cc | 15 ++++++++++----- iocore/net/SSLSessionCache.h | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/79181c0d/iocore/net/SSLSessionCache.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLSessionCache.cc b/iocore/net/SSLSessionCache.cc index 2d059fe..b3cbc1e 100644 --- a/iocore/net/SSLSessionCache.cc +++ b/iocore/net/SSLSessionCache.cc @@ -19,10 +19,10 @@ limitations under the License. */ -#include <cstring> -#include <deque> #include "P_SSLConfig.h" #include "SSLSessionCache.h" +#include <cstring> +#include <memory> #define SSLSESSIONCACHE_STRINGIFY0(x) #x #define SSLSESSIONCACHE_STRINGIFY(x) SSLSESSIONCACHE_STRINGIFY0(x) @@ -121,7 +121,7 @@ void SSLSessionBucket::insertSession(const SSLSessionID &id, SSL_SESSION *sess) unsigned char *loc = reinterpret_cast<unsigned char *>(buf->data()); i2d_SSL_SESSION(sess, &loc); - SSLSession *ssl_session = new SSLSession(id, buf, len); + std::auto_ptr<SSLSession> ssl_session(new SSLSession(id, buf, len)); MUTEX_TRY_LOCK(lock, mutex, this_ethread()); if (!lock.is_locked()) { @@ -138,7 +138,7 @@ void SSLSessionBucket::insertSession(const SSLSessionID &id, SSL_SESSION *sess) } /* do the actual insert */ - queue.enqueue(ssl_session); + queue.enqueue(ssl_session.release()); PRINT_BUCKET("insertSession after") } @@ -200,7 +200,12 @@ void inline SSLSessionBucket::print(const char *ref_str) const { } } -void inline SSLSessionBucket::removeOldestSession() { +void inline +SSLSessionBucket::removeOldestSession() +{ + // Caller must hold the bucket lock. + ink_assert(this_ethread() == mutex->thread_holding); + PRINT_BUCKET("removeOldestSession before") while (queue.head && queue.size >= static_cast<int>(SSLConfigParams::session_cache_max_bucket_size)) { SSLSession *old_head = queue.pop(); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/79181c0d/iocore/net/SSLSessionCache.h ---------------------------------------------------------------------- diff --git a/iocore/net/SSLSessionCache.h b/iocore/net/SSLSessionCache.h index 240b251..a0e6f30 100644 --- a/iocore/net/SSLSessionCache.h +++ b/iocore/net/SSLSessionCache.h @@ -118,7 +118,6 @@ class SSLSessionBucket { public: SSLSessionBucket(); ~SSLSessionBucket(); - void removeOldestSession(); void insertSession(const SSLSessionID &, SSL_SESSION *ctx); bool getSession(const SSLSessionID &, SSL_SESSION **ctx); void removeSession(const SSLSessionID &); @@ -126,6 +125,7 @@ public: private: /* these method must be used while hold the lock */ void print(const char *) const; + void removeOldestSession(); Ptr<ProxyMutex> mutex; CountQueue<SSLSession> queue;
