[jira] [Work logged] (TS-4858) Global session ticket key block leaks.

Mon, 10 Oct 2016 08:22:51 -0700 

     [ 
https://issues.apache.org/jira/browse/TS-4858?focusedWorklogId=30326&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-30326
 ]

ASF GitHub Bot logged work on TS-4858:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 10/Oct/16 15:21
            Start Date: 10/Oct/16 15:21
    Worklog Time Spent: 10m 
      Work Description: Github user jpeach commented on a diff in the pull 
request:

    https://github.com/apache/trafficserver/pull/1024#discussion_r82625392
  
    --- Diff: iocore/net/SSLCertLookup.cc ---
    @@ -160,7 +160,40 @@ ticket_block_alloc(unsigned count)
     
       return ptr;
     }
    +ssl_ticket_key_block *
    +ssl_create_ticket_key_block_buffer(char *ticket_key_data, int 
ticket_key_len)
    +{
    +  ssl_ticket_key_block *keyblock = NULL;
    +  int num_ticket_keys            = ticket_key_len / 
sizeof(ssl_ticket_key_t);
    +  if (num_ticket_keys == 0) {
    +    Error("SSL session ticket key is too short (>= 48 bytes are 
required)");
    +    goto fail;
    +  }
    +
    +  // Increase the stats.
    +  if (ssl_rsb != NULL) { // ssl_rsb is not initialized during the first 
run.
    +    SSL_INCREMENT_DYN_STAT(ssl_total_ticket_keys_renewed_stat);
    +  }
    --- End diff --
    
    Sure, but the single responsibility of this function is to load a ticket 
block. If the caller needs a metric to track how many times it is called, the 
caller should do it. By pushing higher level responsibilities into library 
code, we are breaking the single responsibility principle and making the code 
less reusable and harder to reason about.


Issue Time Tracking
-------------------

    Worklog Id:     (was: 30326)
    Time Spent: 2h 20m  (was: 2h 10m)

> Global session ticket key block leaks.
> --------------------------------------
>
>                 Key: TS-4858
>                 URL: https://issues.apache.org/jira/browse/TS-4858
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: James Peach
>            Assignee: Syeda Persia Aziz
>             Fix For: 7.1.0
>
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> From source inspection, ``global_default_keyblock`` is always assigned so it 
> will leak on configuration reload.
> Have not reproduced this since I wasn't able to get SSL config reload to work 
> :-(



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to