** Description changed:

  [ Impact ]
  
-  * Accessing ssl.SSLSocket.session is leaking memory, which impacts both
+  * Accessing ssl.SSLSocket.session is leaking memory, which impacts both
  clients and servers. For some servers and applications this memory leak
  ultimately impacts the stability of the system/
  
-  * The root cause also added a significant performance penalty for
+  * The root cause also added a significant performance penalty for
  accessing ssl.SSLSocket.session, which will also be removed with the
  proposed fix.
  
  [ Test Plan ]
  
-  * Save the following script into a file like ./test.py
+  * Save the following script into a file like ./test.py
  import ssl
  import socket
  import time
  host = '185.125.190.20' # ubuntu.com
  port = 443
  
  session = None
  context = ssl._create_unverified_context(protocol=ssl.PROTOCOL_TLSv1_2)
  with socket.create_connection((host, port)) as sock:
-     with context.wrap_socket(sock, server_hostname=host, session = session) 
as ssock:
-         for i in range(300000):
-             session = ssock.session
+     with context.wrap_socket(sock, server_hostname=host, session = session) 
as ssock:
+         for i in range(300000):
+             session = ssock.session
  
-  * Run /usr/bin/time -v python3 ./test.py. Under "Average resident set
+  * Run /usr/bin/time -v python3 ./test.py. Under "Maximum resident set
  size (kbytes)" the output should list a memory usage of multiple
  mergabytes (likely 20-30MB) compared to the memory leak output of
  multiple GB
  
  [ Where problems could occur ]
  
-  * If the patch is incorrect it could impact the ssl module of Python.
+  * If the patch is incorrect it could impact the ssl module of Python.
  This could mean a correctness issue (potentially blocking clients or
  servers from accepting connections) or a security issue (introducing a
  vulnerability to Python).
  
-  * I tried to keep the potential impact as low as possible by using the
+  * I tried to keep the potential impact as low as possible by using the
  reviewed and published patch from upstream cpython. Additionally the
  modified code does not directly handle any of the cryptographic
  operations.
  
  [ Other Info ]
  
-  * The patch has ben in upstream cpython for about 2 years by now and
+  * The patch has ben in upstream cpython for about 2 years by now and
  was officially backported to 3.13 and 3.12, meaning that it has been
  vetted by the community and should be stable and correct.
  
  ---
  
  When ssl.SSLSocket.session` property was accessed, there's a memory leak
  which was introduced in CPython 3.10.
  
  Upstream bug report: https://github.com/python/cpython/issues/116810
  
  Upstream patch: https://github.com/python/cpython/pull/123249
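
Review bot: In the [ Test Plan ] run step, the sentence after the corrected "Maximum resident set size (kbytes)" label still does not say which figure belongs to which package. State explicitly that multiple megabytes (likely 20-30MB) is the expected result with the fix and multiple GB is the result without it, so that whoever verifies the update can record a clear pass or fail. The script as shown will also not run when copied: the `with context.wrap_socket(...)` line is wrapped so that `as ssock:` starts a new line, and it needs network access to the hard-coded address 185.125.190.20. Attaching test.py to the bug would avoid the wrapping problem. Minor wording in the same description: "mergabytes", "has ben", the trailing "/" after "stability of the system", and the unmatched backtick in "ssl.SSLSocket.session`".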

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2157534

Title:
  getting ssl.SSLSocket.session brings to memory leak
