Repository: trafficserver Updated Branches: refs/heads/master 505593d43 -> 0a51ce2f6
TS-3554: Another memory leak fix in the SSL cert loading. Specifically the ticket key blocks.
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/88c5531b
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/88c5531b
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/88c5531b
Branch: refs/heads/master
Commit: 88c5531b2dccbf2378b7e518aa946ddf5f88c72a
Parents: 7ea121c
Author: shinrich <[email protected]>
Authored: Tue Apr 28 14:22:45 2015 -0500
Committer: shinrich <[email protected]>
Committed: Tue Apr 28 14:22:45 2015 -0500
----------------------------------------------------------------------
 iocore/net/P_SSLCertLookup.h | 1 +
 iocore/net/SSLCertLookup.cc | 2 +-
 iocore/net/SSLUtils.cc | 25 ++++++++++++++++++++-----
 3 files changed, 22 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/88c5531b/iocore/net/P_SSLCertLookup.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLCertLookup.h b/iocore/net/P_SSLCertLookup.h
index a6c3629..ebac339 100644
--- a/iocore/net/P_SSLCertLookup.h
+++ b/iocore/net/P_SSLCertLookup.h
@@ -66,6 +66,7 @@ struct SSLCertContext {
 explicit SSLCertContext(SSL_CTX *c) : ctx(c), opt(OPT_NONE), keyblock(NULL) {}
 SSLCertContext(SSL_CTX *c, Option o) : ctx(c), opt(o), keyblock(NULL) {}
 SSLCertContext(SSL_CTX *c, Option o, ssl_ticket_key_block *kb) : ctx(c), opt(o), keyblock(kb) {}
+ void release();
 SSL_CTX *ctx; ///< openSSL context.
 Option opt; ///< Special handling option.
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/88c5531b/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 28755ba..2e40208 100644
--- a/iocore/net/SSLCertLookup.cc
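Review bot: The new `release()` declaration in `SSLCertContext` has no comment, although the fields directly below it are documented with `///<`. The struct is built from raw `SSL_CTX *` and `ssl_ticket_key_block *` pointers, and no destructor or copy control is visible in this hunk, so a copied entry presumably aliases the same objects; the ownership rule should be stated where callers will read it. Suggested comment: `/// Free ctx and keyblock and null both; call on exactly one copy of each context.` The struct body continues outside the hunk.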
+++ b/iocore/net/SSLCertLookup.cc
@@ -265,7 +265,7 @@ SSLContextStorage::~SSLContextStorage()
 for (unsigned i = 0; i < this->ctx_store.length(); ++i) {
 if (this->ctx_store[i].ctx != last_ctx) {
 last_ctx = this->ctx_store[i].ctx;
- SSLReleaseContext(this->ctx_store[i].ctx);
+ this->ctx_store[i].release();
 }
 }
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/88c5531b/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index ff2ff93..64d98e8 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -131,6 +131,18 @@ ticket_block_free(void *ptr)
 ats_free(ptr);
 }
+void SSLCertContext::release()
+{
+ if (keyblock) {
+ ticket_block_free(keyblock);
+ keyblock = NULL;
+ }
+ if (ctx) {
+ SSL_CTX_free(ctx);
+ ctx = NULL;
+ }
+}
+
 static ssl_ticket_key_block *
 ticket_block_alloc(unsigned count)
 {
@@ -1681,6 +1693,14 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons
 }
 }
 }
+ if (!inserted) {
+#if HAVE_OPENSSL_SESSION_TICKETS
+ if (keyblock != NULL) {
+ ticket_block_free(keyblock);
+ }
+#endif
+ }
+
 #if defined(SSL_OP_NO_TICKET) // Session tickets are enabled by default. Disable if explicitly requested.
@@ -1720,11 +1740,6 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup *lookup, cons
 }
 }
 if (!inserted) {
-#if HAVE_OPENSSL_SESSION_TICKETS
- if (keyblock != NULL) {
- ticket_block_free(keyblock);
- }
-#endif
 if (ctx != NULL) {
 SSL_CTX_free(ctx);
 ctx = NULL;
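Review bot: The duplicate guard in `~SSLContextStorage()` still compares only `ctx` against `last_ctx`, but `release()` now frees the ticket key block as well. An entry skipped because it repeats the previous `ctx` never has its own `keyblock` released, and if the same context were ever stored in two non-adjacent slots, `release()` would run twice on the same `SSL_CTX` and key block. Whether `ctx_store` guarantees adjacency and one shared key block per context is not visible here, so the invariant should be written above the loop, e.g. `// Entries that share a ctx are adjacent and share one keyblock; release() runs once per ctx.` The destructor body extends beyond the hunk.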
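Review bot: `SSLCertContext::release()` calls `ticket_block_free(keyblock)` unconditionally, while the call this commit moves in `ssl_store_ssl_context` is wrapped in `#if HAVE_OPENSSL_SESSION_TICKETS`. If `ticket_block_free` is itself defined under that guard (its definition starts above this hunk), a build without session tickets would stop compiling; guarding the `keyblock` branch the same way keeps the two paths consistent. The destructor previously went through `SSLReleaseContext(ctx)` and `release()` now calls `SSL_CTX_free(ctx)` directly, so anything that helper does beyond the free is skipped; calling `SSLReleaseContext(ctx);` here would keep a single release path. Since the block holds session-ticket keys, it is also worth confirming that `ticket_block_free` scrubs the memory before `ats_free`.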
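Review bot: After `ticket_block_free(keyblock);` in the new `if (!inserted)` block at `@@ -1681`, the local `keyblock` still holds the freed address, and the function keeps running (the next hunk shows a second `if (!inserted)` block further down). Add `keyblock = NULL;` right after the free, matching `release()` and the `ctx = NULL;` in the later block, so that any later use or second free hits the existing `keyblock != NULL` check instead of freed memory. When `HAVE_OPENSSL_SESSION_TICKETS` is off, the block compiles to an empty `if`; moving the `#if` outside `if (!inserted)` avoids that. The function starts and ends outside the hunk.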
