This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new aefd452 fix memory leak in SSLInitServerContext
aefd452 is described below
commit aefd452e06fcf126e2a04c84066e8776eb0940fb
Author: Liss Tarnell <[email protected]>
AuthorDate: Mon Jun 5 02:29:41 2017 +0100
fix memory leak in SSLInitServerContext
digest is only freed in the failure path, not the success path.
valgrind leak record:
==151777== 82,368 (23,568 direct, 58,800 indirect) bytes in 491 blocks are
definitely lost in loss record 2,298 of 2,334
==151777== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==151777== by 0x5ED59ED: CRYPTO_zalloc (in
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==151777== by 0x7EDB41: SSLInitServerContext(SSLConfigParams const*,
ssl_user_config const*, Vec<x509_st*, DefaultAlloc, 2>&) (SSLUtils.cc:1474)
==151777== by 0x7F0EAC: SSLCreateServerContext(SSLConfigParams const*)
(SSLUtils.cc:1784)
==151777== by 0x54E6EC: TSSslServerContextCreate (InkAPI.cc:9176)
==151777== by 0xAA8B8CD: secret_make_ssl_ctx (secret.c:129)
==151777== by 0xAA80D1F: build_ingress_tls (remap_build.c:147)
==151777== by 0xAA80D1F: build_ingress (remap_build.c:77)
==151777== by 0xAA80D1F: build_namespace (remap_build.c:54)
==151777== by 0xAA80D1F: remap_db_from_cluster (remap_build.c:37)
==151777== by 0xAA7C903: rebuild_maps (remap.c:52)
==151777== by 0xAA7C296: fetcher_get_all (watcher.c:517)
==151777== by 0xAA7C2E7: watcher_thread (watcher.c:543)
==151777== by 0x553C0F: ink_thread_trampoline(void*)
(InkIOCoreAPI.cc:111)
==151777== by 0x6508493: start_thread (pthread_create.c:333)
(cherry picked from commit 0b900a6d9f70300543718a0143f014d3b851f189)
---
iocore/net/SSLUtils.cc | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 5b97855..0eafbc6 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1713,6 +1713,8 @@ SSLInitServerContext(const SSLConfigParams *params, const
ssl_user_config *sslMu
SSLError("EVP_DigestFinal_ex failed");
goto fail;
}
+ EVP_MD_CTX_free(digest);
+ digest = NULL;
if (SSL_CTX_set_session_id_context(ctx, hash_buf, hash_len) == 0) {
SSLError("SSL_CTX_set_session_id_context failed");
@@ -1767,7 +1769,8 @@ SSLInitServerContext(const SSLConfigParams *params, const
ssl_user_config *sslMu
return ctx;
fail:
- EVP_MD_CTX_free(digest);
+ if (digest)
+ EVP_MD_CTX_free(digest);
SSL_CLEAR_PW_REFERENCES(ctx)
SSLReleaseContext(ctx);
for (unsigned int i = 0; i < certList.length(); i++) {
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
