CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/01/02 11:00:08
Modified files:
lib/libssl : tls13_record_layer.c
Log message:
Free {alert,phh}_data in tls13_record_layer_free()
httpd(8)'s incorrect tls_close() after closing the underlying socket
led to a leak: tls_close()'s attempt to send out the close_notify won't
work very well over a closed pipe. This resulted in alert_data still
hanging off the TLSv1.3 context's record layer struct. The tls_free()
call should have cleaned this up but failed to do so.
The record layer's phh_data potentially has the same issue, so free it
as well. This diff makes -current httpd(8) run in constant memory over
hundreds of thousands TLS connections with a static site.
ok inoguchi jsing
