trafficserver-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shinr...@apache.org
Subject [trafficserver] branch master updated: fix memory leak in SSLInitServerContext
Date Mon, 05 Jun 2017 13:32:16 GMT
This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 0b900a6  fix memory leak in SSLInitServerContext
0b900a6 is described below

commit 0b900a6d9f70300543718a0143f014d3b851f189
Author: Liss Tarnell <ft@le-Fay.ORG>
AuthorDate: Mon Jun 5 02:29:41 2017 +0100

    fix memory leak in SSLInitServerContext
    
    digest is only freed in the failure path, not the success path.
    
    valgrind leak record:
    
    ==151777== 82,368 (23,568 direct, 58,800 indirect) bytes in 491 blocks are definitely
lost in loss record 2,298 of 2,334
    ==151777==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
    ==151777==    by 0x5ED59ED: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
    ==151777==    by 0x7EDB41: SSLInitServerContext(SSLConfigParams const*, ssl_user_config
const*, Vec<x509_st*, DefaultAlloc, 2>&) (SSLUtils.cc:1474)
    ==151777==    by 0x7F0EAC: SSLCreateServerContext(SSLConfigParams const*) (SSLUtils.cc:1784)
    ==151777==    by 0x54E6EC: TSSslServerContextCreate (InkAPI.cc:9176)
    ==151777==    by 0xAA8B8CD: secret_make_ssl_ctx (secret.c:129)
    ==151777==    by 0xAA80D1F: build_ingress_tls (remap_build.c:147)
    ==151777==    by 0xAA80D1F: build_ingress (remap_build.c:77)
    ==151777==    by 0xAA80D1F: build_namespace (remap_build.c:54)
    ==151777==    by 0xAA80D1F: remap_db_from_cluster (remap_build.c:37)
    ==151777==    by 0xAA7C903: rebuild_maps (remap.c:52)
    ==151777==    by 0xAA7C296: fetcher_get_all (watcher.c:517)
    ==151777==    by 0xAA7C2E7: watcher_thread (watcher.c:543)
    ==151777==    by 0x553C0F: ink_thread_trampoline(void*) (InkIOCoreAPI.cc:111)
    ==151777==    by 0x6508493: start_thread (pthread_create.c:333)
---
 iocore/net/SSLUtils.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 91083dd..0be99ec 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1715,6 +1715,8 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
*sslMu
     SSLError("EVP_DigestFinal_ex failed");
     goto fail;
   }
+  EVP_MD_CTX_free(digest);
+  digest = NULL;
 
   if (SSL_CTX_set_session_id_context(ctx, hash_buf, hash_len) == 0) {
     SSLError("SSL_CTX_set_session_id_context failed");
@@ -1769,7 +1771,8 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
*sslMu
   return ctx;
 
 fail:
-  EVP_MD_CTX_free(digest);
+  if (digest)
+    EVP_MD_CTX_free(digest);
   SSL_CLEAR_PW_REFERENCES(ctx)
   SSLReleaseContext(ctx);
   for (unsigned int i = 0; i < certList.length(); i++) {

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <commits@trafficserver.apache.org>'].

Mime
View raw message