I came up with a better patch

actually it is not required to free compression methods on OpenSSL >= 1.0.0
so, let us only do that when it is really necessary

Sat, May 25, 2019 at 14:59, Ilya Shipitsin <chipits...@gmail.com>:

> hi, I see it is not yet applied.
> it turned out that freeing breaks LibreSSL internals.
> so, here's v2 (free only if not LibreSSL)
>
>
>
> Sat, May 25, 2019 at 10:46, Willy Tarreau <w...@1wt.eu>:
>
>> Hi Ilya,
>>
>> > From 61f04a8ecdcfc105f732d5978180ad2ab746cc34 Mon Sep 17 00:00:00 2001
>> > From: Ilya Shipitsin <chipits...@gmail.com>
>> > Date: Sat, 25 May 2019 03:38:14 +0500
>> > Subject: [PATCH] BUG/MINOR: ssl_sock: Fix memory leak when disabling
>> >  compression
>> >
>> > according to manpage:
>> >
>> >        sk_TYPE_zero() sets the number of elements in sk to zero. It
>> >        does not free sk so after this call sk is still valid.
>> >
>> > so we need to free all elements
>>
>> Hey, good catch! I think this one has been there forever :-)
>>
>> Applied, thanks.
>> Willy
>>
>
From bbd0892bbc09969eb420920832e5b8903eeae350 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipits...@gmail.com>
Date: Sat, 25 May 2019 19:30:50 +0500
Subject: [PATCH] BUILD: fix latest LibreSSL reg-test error

starting with OpenSSL 1.0.0 recommended way to disable compression is
using SSL_OP_NO_COMPRESSION when creating context.

manipulations with SSL_COMP_get_compression_methods, sk_SSL_COMP_num
are only required for OpenSSL < 1.0.0
---
 src/ssl_sock.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4a0ad768..6f62375a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9701,8 +9701,10 @@ static void ssl_sock_capture_free_func(void *parent, void *ptr, CRYPTO_EX_DATA *
 __attribute__((constructor))
 static void __ssl_sock_init(void)
 {
+#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
 	STACK_OF(SSL_COMP)* cm;
 	int n;
+#endif
 
 	if (global_ssl.listen_default_ciphers)
 		global_ssl.listen_default_ciphers = strdup(global_ssl.listen_default_ciphers);
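Review bot: the guard added around the `cm` and `n` declarations tests for the SSL_OP_NO_COMPRESSION macro, while the commit message describes the condition as "OpenSSL < 1.0.0", and nothing in the code ties the two together. A one-line comment above the `#if` saying that the stack manipulation is only needed when the library offers no SSL_OP_NO_COMPRESSION would help the next reader. The same condition is also spelled out a second time further down in `__ssl_sock_init()`; defining it once under a named macro, or moving the declarations and the loop into one small helper under a single `#if`, would keep the two copies from drifting apart.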
@@ -9719,11 +9721,13 @@ static void __ssl_sock_init(void)
 #if HA_OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 #endif
+#if (!defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION))
 	cm = SSL_COMP_get_compression_methods();
 	n = sk_SSL_COMP_num(cm);
 	while (n--) {
 		(void) sk_SSL_COMP_pop(cm);
 	}
+#endif
 
 #if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
 	ssl_locking_init();
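Review bot: with the new `#if` around the `SSL_COMP_get_compression_methods()` loop, builds where SSL_OP_NO_COMPRESSION is defined no longer empty the global compression stack at init, so disabling compression now depends entirely on that option being set on every SSL context, and this patch does not show where that happens. Please point to the place where the option is applied (in the commit message or in a comment next to the `#if`) and confirm that no context creation path skips it. Note also that the check is made at compile time against the headers, so it says nothing about the library actually loaded at run time.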
-- 
2.20.1
