From: Daniel Stenberg Date: Fri, 8 Jan 2010 23:45:23 +0000 (+0000) Subject: - Johan van Selst found and fixed a OpenSSL session ref count leak: X-Git-Tag: curl-7_20_0~168 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=552c3de3575c719161998d541b3750b2ce12674c;p=thirdparty%2Fcurl.git - Johan van Selst found and fixed a OpenSSL session ref count leak: ossl_connect_step3() increments an SSL session handle reference counter on each call. When sessions are re-used this reference counter may be incremented many times, but it will be decremented only once when done (by Curl_ossl_session_free()); and the internal OpenSSL data will not be freed if this reference count remains positive. When a session is re-used the reference counter should be corrected by explicitly calling SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid introducing a memory leak. (http://curl.haxx.se/bug/view.cgi?id=2926284) --- diff --git a/CHANGES b/CHANGES index d2011cf7f9..c9be56c641 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,20 @@ Changelog +Daniel Stenberg (9 Jan 2010) +- Johan van Selst found and fixed a OpenSSL session ref count leak: + + ossl_connect_step3() increments an SSL session handle reference counter on + each call. When sessions are re-used this reference counter may be + incremented many times, but it will be decremented only once when done (by + Curl_ossl_session_free()); and the internal OpenSSL data will not be freed + if this reference count remains positive. When a session is re-used the + reference counter should be corrected by explicitly calling + SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid + introducing a memory leak. + + (http://curl.haxx.se/bug/view.cgi?id=2926284) + Daniel Stenberg (7 Jan 2010) - Make sure the progress callback is called repeatedly even during very slow name resolves when c-ares is used for resolving. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f2ed8c0608..eab8e4216e 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -42,6 +42,7 @@ This release includes the following bugfixes: o header include fix for FreeBSD versions before v8 o fragment part of URLs are no longer sent to the server o progress callback called repeatedly with c-ares for resolving + o OpenSSL session id ref count leak This release includes the following known bugs: @@ -54,6 +55,7 @@ advice from friends like these: Marco Maggi, Camille Moncelier, Claes Jakobsson, Kevin Baughman, Marc Kleine-Budde, Jad Chamcham, Bjorn Augustsson, David Byron, Markus Koetter, Chad Monroe, Martin Storsjo, Siegfried Gyuricsko, - Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge + Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge, + Johan van Selst Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/ssluse.c b/lib/ssluse.c index 97ffe61808..b7475c0297 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2009, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2010, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -2315,7 +2315,15 @@ ossl_connect_step3(struct connectdata *conn, return retcode; } } - +#ifdef HAVE_SSL_GET1_SESSION + else { + /* Session was incache, so refcount already incremented earlier. + * Avoid further increments with each SSL_get1_session() call. + * This does not free the session as refcount remains > 0 + */ + SSL_SESSION_free(our_ssl_sessionid); + } +#endif /* * We check certificates to authenticate the server; otherwise we risk