From: Willy Tarreau <w@1wt.eu>
Date: Mon, 21 Aug 2023 06:12:12 +0000 (+0200)
Subject: MINOR: ssl_sock: avoid iterating realloc(+1) on stored context
X-Git-Tag: v2.9-dev5~95
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c6fe2400172e257c9758653d041c0a56f79f3d5;p=thirdparty%2Fhaproxy.git

MINOR: ssl_sock: avoid iterating realloc(+1) on stored context

The SSL context storage in servers is per-thread, and the contents are
allocated for a length that is determined from the session. It turns out
that placing some traces there revealed that the realloc() that is called
to grow the area can be called multiple times in a row even for just
health checks, to grow the area by just one or two bytes. Given that
malloc() allocates in multiples of 8 or 16 anyway, let's round the
allocated size up to the nearest multiple of 8 to avoid this unneeded
operation.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9cc8166a59..5c4f584ba1 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4279,6 +4279,7 @@ static int ssl_sess_new_srv_cb(SSL *ssl, SSL_SESSION *sess)
 		if (s->ssl_ctx.reused_sess[tid].ptr && s->ssl_ctx.reused_sess[tid].allocated_size >= len) {
 			ptr = s->ssl_ctx.reused_sess[tid].ptr;
 		} else {
+			len = (len + 7) & -8; /* round to the nearest 8 bytes */
 			ptr = realloc(s->ssl_ctx.reused_sess[tid].ptr, len);
 			if (!ptr)
 				free(s->ssl_ctx.reused_sess[tid].ptr);