[trafficserver] branch 9.0.x updated: fix leak in early data (#6957)

Mon, 13 Jul 2020 11:28:12 -0700 

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new e21b8e4  fix leak in early data (#6957)
e21b8e4 is described below

commit e21b8e4bcd750a916a3a6e812540bfcf4402cd03
Author: Fei Deng <[email protected]>
AuthorDate: Mon Jul 13 13:27:32 2020 -0500

    fix leak in early data (#6957)
    
    (cherry picked from commit 744e02ec753abc6b0c5c7f9b4d4d8e1c7d837fc7)
---
 iocore/net/SSLUtils.cc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index bc303e3..b3f5424 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1833,10 +1833,6 @@ SSLAccept(SSL *ssl)
 
   if (SSLConfigParams::server_max_early_data > 0 && !netvc->early_data_finish) 
{
     size_t nread;
-    if (netvc->early_data_buf == nullptr) {
-      netvc->early_data_buf    = new_MIOBuffer(BUFFER_SIZE_INDEX_16K);
-      netvc->early_data_reader = netvc->early_data_buf->alloc_reader();
-    }
 
     while (true) {
       IOBufferBlock *block = new_IOBufferBlock();
@@ -1845,9 +1841,14 @@ SSLAccept(SSL *ssl)
 
       if (ret == SSL_READ_EARLY_DATA_ERROR) {
         Debug("ssl_early_data", "SSL_READ_EARLY_DATA_ERROR");
+        block->free();
         break;
       } else {
         if (nread > 0) {
+          if (netvc->early_data_buf == nullptr) {
+            netvc->early_data_buf    = new_MIOBuffer(BUFFER_SIZE_INDEX_16K);
+            netvc->early_data_reader = netvc->early_data_buf->alloc_reader();
+          }
           block->fill(nread);
           netvc->early_data_buf->append_block(block);
           SSL_INCREMENT_DYN_STAT(ssl_early_data_received_count);
@@ -1856,13 +1857,15 @@ SSLAccept(SSL *ssl)
             std::string early_data_str(reinterpret_cast<char *>(block->buf()), 
nread);
             Debug("ssl_early_data_show_received", "Early data buffer: \n%s", 
early_data_str.c_str());
           }
+        } else {
+          block->free();
         }
 
         if (ret == SSL_READ_EARLY_DATA_FINISH) {
           netvc->early_data_finish = true;
           Debug("ssl_early_data", "SSL_READ_EARLY_DATA_FINISH: size = %lu", 
nread);
 
-          if (netvc->early_data_reader->read_avail() == 0) {
+          if (netvc->early_data_reader == nullptr || 
netvc->early_data_reader->read_avail() == 0) {
             Debug("ssl_early_data", "no data in early data buffer");
             ERR_clear_error();
             ret = SSL_accept(ssl);

Reply via email to