trafficserver-commits mailing list archives

From shinr...@apache.org
Subject [1/2] trafficserver git commit: TS-3554: Another memory leak fix in the SSL cert loading. Specifically the ticket key blocks.
Date Tue, 28 Apr 2015 19:24:40 GMT
Repository: trafficserver
Updated Branches:
  refs/heads/master 505593d43 -> 0a51ce2f6


TS-3554: Another memory leak fix in the SSL cert loading.  Specifically the ticket key blocks.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/88c5531b
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/88c5531b
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/88c5531b

Branch: refs/heads/master
Commit: 88c5531b2dccbf2378b7e518aa946ddf5f88c72a
Parents: 7ea121c
Author: shinrich <shinrich@yahoo-inc.com>
Authored: Tue Apr 28 14:22:45 2015 -0500
Committer: shinrich <shinrich@yahoo-inc.com>
Committed: Tue Apr 28 14:22:45 2015 -0500

----------------------------------------------------------------------
 iocore/net/P_SSLCertLookup.h |  1 +
 iocore/net/SSLCertLookup.cc  |  2 +-
 iocore/net/SSLUtils.cc       | 25 ++++++++++++++++++++-----
 3 files changed, 22 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/88c5531b/iocore/net/P_SSLCertLookup.h
----------------------------------------------------------------------
diff --git a/iocore/net/P_SSLCertLookup.h b/iocore/net/P_SSLCertLookup.h
index a6c3629..ebac339 100644
--- a/iocore/net/P_SSLCertLookup.h
+++ b/iocore/net/P_SSLCertLookup.h
@@ -66,6 +66,7 @@ struct SSLCertContext {
   explicit SSLCertContext(SSL_CTX *c) : ctx(c), opt(OPT_NONE), keyblock(NULL) {}
   SSLCertContext(SSL_CTX *c, Option o) : ctx(c), opt(o), keyblock(NULL) {}
   SSLCertContext(SSL_CTX *c, Option o, ssl_ticket_key_block *kb) : ctx(c), opt(o), keyblock(kb)
{}
+  void release();
 
   SSL_CTX *ctx;                   ///< openSSL context.
   Option opt;                     ///< Special handling option.
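Review bot: `release()` is declared without a comment although the members beside it carry `///<` notes, and its ownership contract is what a caller most needs to know. As far as this hunk shows, SSLCertContext is a plain struct holding raw `ctx` and `keyblock` pointers, so any copy of an entry keeps both pointers after `release()` has freed them through another copy. The destructor loop in SSLCertLookup.cc depends on that: it skips an entry only when its `ctx` equals the previous entry's, so an entry sharing a `ctx` or `keyblock` with a non-adjacent one would presumably be freed twice. Whether the store's ordering rules that out is not visible here. I would add `/// Free ctx and keyblock and null them in this object; copies keep stale pointers, so call this on one copy only.` above the declaration.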

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/88c5531b/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 28755ba..2e40208 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -265,7 +265,7 @@ SSLContextStorage::~SSLContextStorage()
   for (unsigned i = 0; i < this->ctx_store.length(); ++i) {
     if (this->ctx_store[i].ctx != last_ctx) {
       last_ctx = this->ctx_store[i].ctx;
-      SSLReleaseContext(this->ctx_store[i].ctx);
+      this->ctx_store[i].release();
     }
   }
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/88c5531b/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index ff2ff93..64d98e8 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -131,6 +131,18 @@ ticket_block_free(void *ptr)
   ats_free(ptr);
 }
 
+void SSLCertContext::release()
+{
+  if (keyblock) {
+    ticket_block_free(keyblock);
+    keyblock = NULL;
+  }
+  if (ctx) {
+    SSL_CTX_free(ctx);
+    ctx = NULL;
+  }
+}
+
 static ssl_ticket_key_block *
 ticket_block_alloc(unsigned count)
 {
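Review bot: The block freed in `release()` presumably holds session-ticket key material, and `ticket_block_free()`, as far as the context line above shows, only calls `ats_free(ptr)`, so the keys stay readable in freed heap memory. Clearing the block before it is freed, for example with `OPENSSL_cleanse` over the block's size, would limit that exposure. The block's layout is not visible in this hunk, so the length expression has to be checked against `ticket_block_alloc()`. The call here also sits outside the `#if HAVE_OPENSSL_SESSION_TICKETS` guard that wraps the call in `ssl_store_ssl_context`, so it is worth confirming that a build without ticket support still compiles.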
@@ -1681,6 +1693,14 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup
*lookup, cons
       }
     }
   }
+  if (!inserted) {
+#if HAVE_OPENSSL_SESSION_TICKETS
+    if (keyblock != NULL) {
+      ticket_block_free(keyblock);
+    }
+#endif
+  }
+
 
 #if defined(SSL_OP_NO_TICKET)
   // Session tickets are enabled by default. Disable if explicitly requested.
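Review bot: After the new early `ticket_block_free(keyblock)` the pointer is left dangling while the function carries on. The later `if (!inserted)` block further down shows that more work happens in between, and any use of `keyblock` there would touch freed memory. `SSLCertContext::release()` in this same commit nulls the pointer after freeing, and this site should do the same by adding `keyblock = NULL;` right after the free. The outer `if (!inserted)` is empty when `HAVE_OPENSSL_SESSION_TICKETS` is off, so the `#if` could wrap the whole block. `ssl_store_ssl_context` starts and ends outside this hunk, so whether `keyblock` is read again cannot be confirmed from here.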
@@ -1720,11 +1740,6 @@ ssl_store_ssl_context(const SSLConfigParams *params, SSLCertLookup
*lookup, cons
     }
   }
   if (!inserted) {
-#if HAVE_OPENSSL_SESSION_TICKETS
-    if (keyblock != NULL) {
-      ticket_block_free(keyblock);
-    }
-#endif
     if (ctx != NULL) {
       SSL_CTX_free(ctx);
       ctx = NULL;

