From: Frédéric Lécaille Date: Fri, 24 Jan 2020 13:56:18 +0000 (+0100) Subject: BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer. X-Git-Tag: v2.2-dev2~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3139c1b198bbcc14c6940f214234afd004110387;p=thirdparty%2Fhaproxy.git BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer. ​ As the server early data buffer is allocated in the middle of the loop used to allocate the SSL session without being freed before retrying, this leads to a memory leak. ​ To fix this we move the section of code responsible of this early data buffer alloction after the one reponsible of allocating the SSL session. ​ Must be backported to 2.1 and 2.0. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index cbf51b796c..e42f071250 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5999,18 +5999,6 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx) conn->err_code = CO_ER_SSL_NO_MEM; goto err; } -#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) - if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) { - b_alloc(&ctx->early_buf); - SSL_set_max_early_data(ctx->ssl, - /* Only allow early data if we managed to allocate - * a buffer. - */ - (!b_is_null(&ctx->early_buf)) ? - global.tune.bufsize - global.tune.maxrewrite : 0); - } -#endif - ctx->bio = BIO_new(ha_meth); if (!ctx->bio) { if (may_retry--) { @@ -6035,6 +6023,18 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx) goto err; } +#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) + if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) { + b_alloc(&ctx->early_buf); + SSL_set_max_early_data(ctx->ssl, + /* Only allow early data if we managed to allocate + * a buffer. + */ + (!b_is_null(&ctx->early_buf)) ? + global.tune.bufsize - global.tune.maxrewrite : 0); + } +#endif + SSL_set_accept_state(ctx->ssl); /* leave init state and start handshake */