This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/1.2.x by this push: new ac050ed07 Fix BZ 66669 - memory leak in SNI processing ac050ed07 is described below commit ac050ed077fb1c8e56b0fb3142ec5272a1eff1b0 Author: Mark Thomas <ma...@apache.org> AuthorDate: Mon Jul 31 09:56:37 2023 +0100 Fix BZ 66669 - memory leak in SNI processing https://bz.apache.org/bugzilla/show_bug.cgi?id=66669 --- native/src/sslcontext.c | 11 ++++++++++- xdocs/miscellaneous/changelog.xml | 3 +++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index afec601c8..2cde86087 100644 --- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -22,6 +22,7 @@ #include "apr_file_io.h" #include "apr_thread_mutex.h" #include "apr_poll.h" +#include "apr_pools.h" #ifdef HAVE_OPENSSL #include "ssl_private.h" @@ -142,6 +143,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg) const unsigned char *pos; size_t len, remaining; tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *) arg; + apr_pool_t *subpool = NULL; (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL); // Continue only if the static method exists @@ -189,7 +191,10 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg) /* Use the SNI to switch to the relevant vhost, should it differ from * c->base_server. */ - servername = apr_pstrmemdup(c->pool, (const char *)pos, len); + if (apr_pool_create(&subpool, c->pool) != APR_SUCCESS) { + goto give_up; + } + servername = apr_pstrmemdup(subpool, (const char *)pos, len); give_up: if (servername != NULL) { @@ -222,8 +227,12 @@ give_up: SSL_set_session_id_context(ssl, &(c->context_id[0]), sizeof c->context_id); } } + } + if (subpool != NULL) { + apr_pool_destroy(subpool); } + return SSL_CLIENT_HELLO_SUCCESS; } #endif /* OPENSSL_VERSION_NUMBER < 0x10101000L */ diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index c4dd3694b..667b539f9 100644 --- a/xdocs/miscellaneous/changelog.xml 
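Review bot: When `apr_pool_create()` fails, the new `goto give_up` leaves `servername` NULL, so the callback skips the SNI lookup and still returns `SSL_CLIENT_HELLO_SUCCESS`; the handshake then continues on the default context with no diagnostic. If the context chosen by SNI can carry a different certificate or client-authentication policy than the default one, failing the handshake is the safer outcome under memory pressure: `*al = SSL_AD_INTERNAL_ERROR; return SSL_CLIENT_HELLO_ERROR;`. If falling back is intended, a comment on the branch such as `/* allocation failed: continue with the default context */` would make that explicit. The body of ssl_callback_ClientHello starts and ends outside this hunk, so the other jumps to `give_up` are not visible here.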
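Review bot: After this change `servername` is valid only until `apr_pool_destroy(subpool)`, and most of the block under `give_up:` that uses it lies outside this hunk, so it should be confirmed that nothing there keeps the raw pointer rather than copying it. A comment above the destroy would record the rule, e.g. `/* servername lives in subpool; do not use it past this point */`. Separately, the sub-pool is attached to and detached from the shared `c->pool` on every ClientHello, and handshakes for one context can presumably run on several threads; whether that is safe depends on how the allocator behind `c->pool` is set up, which this diff does not show.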
+++ b/xdocs/miscellaneous/changelog.xml @@ -35,6 +35,9 @@ <update> Align default pass phrase prompt with HTTPd. (michaelo) </update> + <fix> + <bug>66669</bug>: Fix memory leak in SNI processing. (markt) + </fix> </changelog> </section> <section name="Changes in 1.2.37"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org