From: Alex Rousskov Date: Thu, 21 Aug 2014 00:29:33 +0000 (-0600) Subject: Do not leak fake SSL certificate context cache when reconfigure X-Git-Tag: SQUID_3_5_0_1~108 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea886ed62b214d67b9c8163b78cdcc497810deea;p=thirdparty%2Fsquid.git Do not leak fake SSL certificate context cache when reconfigure changes port addresses. We believe that deleting a cached LocalContextStorage object does not actually affect connections that use the corresponding SSL_CTX and certificate because any SSL object using those things increments their sharing counter and deleting LocalContextStorage only decrements that counter. The [cached] SSL_CTX object is not destroyed by SSL_CTX_free until that sharing counter reaches zero. --- diff --git a/src/ssl/context_storage.cc b/src/ssl/context_storage.cc index f0cb0005a8..a2e0bd7884 100644 --- a/src/ssl/context_storage.cc +++ b/src/ssl/context_storage.cc @@ -90,6 +90,7 @@ void Ssl::GlobalContextStorage::reconfigureFinish() for (std::map::iterator i = storage.begin(); i != storage.end(); ++i) { std::map::iterator conf_i = configureStorage.find(i->first); if (conf_i == configureStorage.end() || conf_i->second <= 0) { + delete i->second; storage.erase(i); } else { i->second->setMemLimit(conf_i->second);
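Review bot: In the `if` branch, `storage.erase(i)` invalidates `i`, and the enclosing `for` header then runs `++i` on the erased iterator, which is undefined behavior for `std::map`. The added `delete i->second;` is correctly placed before the erase, but the loop still steps from a dead iterator. Advance before erasing: either use `storage.erase(i++)` and move the increment out of the `for` header into the `else` branch, or use `i = storage.erase(i)` where C++11 is available. A short comment next to the `delete` would also help. It should record the commit message's assumption that any SSL object using the cached SSL_CTX holds its own reference, so that the lifetime reasoning is visible in the code and not only in the log.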