Repository: trafficserver Updated Branches: refs/heads/master ed24befd9 -> 96ae19b66
TS-2480: Fix leak in the ticket key improvements. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/96ae19b6 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/96ae19b6 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/96ae19b6 Branch: refs/heads/master Commit: 96ae19b6690aeec5ed77a5c92330750141c99d65 Parents: ed24bef Author: shinrich <[email protected]> Authored: Thu Feb 5 15:37:23 2015 -0600 Committer: shinrich <[email protected]> Committed: Thu Feb 5 15:38:27 2015 -0600 ---------------------------------------------------------------------- iocore/net/SSLUtils.cc | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/96ae19b6/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index caddf9b..055d396 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1689,6 +1689,7 @@ ssl_store_ssl_context( ats_scoped_str certpath; ats_scoped_str session_key_path; ssl_ticket_key_block *keyblock = NULL; + bool inserted = false; // The certificate callbacks are set by the caller only // for the default certificate @@ -1719,6 +1720,7 @@ ssl_store_ssl_context( if (sslMultCertSettings.addr) { if (strcmp(sslMultCertSettings.addr, "*") == 0) { if (lookup->insert(sslMultCertSettings.addr, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)) >= 0) { + inserted = true; lookup->ssl_default = ctx; ssl_set_handshake_callbacks(ctx); } @@ -1727,7 +1729,9 @@ ssl_store_ssl_context( if (ats_ip_pton(sslMultCertSettings.addr, &ep) == 0) { Debug("ssl", "mapping '%s' to certificate %s", (const char *)sslMultCertSettings.addr, (const char *)certpath); - lookup->insert(ep, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)); + if (lookup->insert(ep, SSLCertContext(ctx, sslMultCertSettings.opt, keyblock)) >= 0) { + inserted = true; + } } else { Error("'%s' is not a valid IPv4 or IPv6 address", (const char *)sslMultCertSettings.addr); } @@ -1767,6 +1771,9 @@ ssl_store_ssl_context( if (SSLConfigParams::init_ssl_ctx_cb) { SSLConfigParams::init_ssl_ctx_cb(ctx, true); } + if (!inserted && keyblock != NULL) { + ticket_block_free(keyblock); + } return ctx; }
