Hi, I see it is not yet applied.
It turned out that freeing breaks LibreSSL internals.
So, here's v2 (free only if not LibreSSL).



Sat, 25 May 2019 at 10:46, Willy Tarreau <w...@1wt.eu>:

> Hi Ilya,
>
> > From 61f04a8ecdcfc105f732d5978180ad2ab746cc34 Mon Sep 17 00:00:00 2001
> > From: Ilya Shipitsin <chipits...@gmail.com>
> > Date: Sat, 25 May 2019 03:38:14 +0500
> > Subject: [PATCH] BUG/MINOR: ssl_sock: Fix memory leak when disabling
> >  compression
> >
> > according to manpage:
> >
> >        sk_TYPE_zero() sets the number of elements in sk to zero. It does not free sk so after this call sk is still valid.
> >
> > so we need to free all elements
>
> Hey, good catch! I think this one has been there forever :-)
>
> Applied, thanks.
> Willy
>
From bfa0e84e363f5d4d9db1c29e0edf9498df843536 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipits...@gmail.com>
Date: Sat, 25 May 2019 14:57:24 +0500
Subject: [PATCH] BUG/MINOR: ssl_sock: Fix memory leak when disabling
 compression

according to manpage:

     sk_TYPE_zero() sets the number of elements in sk to zero. It does not free sk so after this call sk is still valid.

so we need to free all elements
except for LibreSSL, freeing breaks LibreSSL internals
---
 src/ssl_sock.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 651afa3a..7e473b10 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9701,7 +9701,10 @@ static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *
 __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
+#if !defined LIBRESSL_VERSION_NUMBER
 	STACK_OF(SSL_COMP)* cm;
+	int n;
+#endif
 
 	if (global_ssl.listen_default_ciphers)
 		global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
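Review bot: the `#if !defined LIBRESSL_VERSION_NUMBER` guard around the declarations of `cm` and `n` duplicates the guard added later in the function body, so the two must be kept in sync by hand or a future edit will produce an unused-variable warning or a build break on one of the libraries. Opening a braced block inside the single guard in the body and declaring `cm` and `n` there would remove this hunk entirely. A short code comment next to the guard saying why LibreSSL is excluded would also help, since that reason currently lives only in the commit message.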
@@ -9718,8 +9721,14 @@ static void __ssl_sock_init(void)
 #if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 #endif
+#if !defined LIBRESSL_VERSION_NUMBER
 	cm = SSL_COMP_get_compression_methods();
-	sk_SSL_COMP_zero(cm);
+	n = sk_SSL_COMP_num(cm);
+	while (n--) {
+		(void) sk_SSL_COMP_pop(cm);
+	}
+#endif
+
 #if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
 	ssl_locking_init();
 #endif
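Review bot: the loop condition `while (n--)` has no lower bound and `cm` is never checked, so if `SSL_COMP_get_compression_methods()` returns NULL (for example with a library built without compression), `sk_SSL_COMP_num(cm)` returns -1 and the loop starts from a negative count instead of being skipped. Testing `cm` first or writing `while (n-- > 0)` closes that. Separately, `(void) sk_SSL_COMP_pop(cm);` discards the popped pointer, so the elements are removed from the stack but not released, which does not match the commit message's "free all elements"; either free the returned element with the function appropriate for it or reword the message to say the entries are only unlinked.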
-- 
2.20.1
