From: William Lallemand Date: Wed, 3 Jan 2018 18:15:51 +0000 (+0100) Subject: BUG/MEDIUM: ssl: cache doesn't release shctx blocks X-Git-Tag: v1.9-dev1~528 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99b90af6213809a018e89988d7139f7048e97208;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl: cache doesn't release shctx blocks Since the rework of the shctx with the hot list system, the ssl cache was putting sessions inside the hot list, without removing them. Once all blocks were used, they were all locked in the hot list, which was forbidding to reuse them for new sessions. Bug introduced by 4f45bb9 ("MEDIUM: shctx: separate ssl and shctx") Thanks to Jeffrey J. Persch for reporting this bug. Must be backported to 1.8. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 163b6a13fe..aecf3ddb7c 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3849,8 +3849,12 @@ static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_ first->len = sizeof(struct sh_ssl_sess_hdr); } - if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) + if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) { + shctx_row_dec_hot(ssl_shctx, first); return 0; + } + + shctx_row_dec_hot(ssl_shctx, first); return 1; }
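
Review bot: the release in sh_ssl_sess_store is now written twice, once inside the shctx_row_data_append failure branch and once just before return 1, so an exit path added between them later can reintroduce the same leak of hot-list blocks. Storing the result of shctx_row_data_append, calling shctx_row_dec_hot(ssl_shctx, first) once, and then returning based on that result would leave a single release point. A one-line comment at that call saying that first stays in the hot list until it is released would also help, since the reason is given only in the commit message. The hunk shows only the tail of the function, so any earlier return taken after first was reserved should be checked for the same release.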