From c20b63ec3afe5434c5532805b25d7bfa6ff59b38 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Wed, 17 Nov 2021 19:03:46 +0100
Subject: [PATCH] dnsdist: Fix a memory leak when reusing TLS tickets for outgoing connections
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

We were not properly freeing the memory of TLS session tickets reused for outgoing TLS (DoT / DoH) connections.

Reported by Stéphane Bortzmeyer (many thanks!).
---
 pdns/tcpiohandler.cc | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index 6068c1bc84..18121be131 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -498,7 +498,7 @@ public:
 if (ret != 1) {
 throw std::runtime_error("Error setting up session: " + libssl_get_error_string());
 }
- native.release();
+ session.reset();
 }
 
 void addNewTicket(SSL_SESSION* session)
@@ -916,12 +916,9 @@ public:
 d_sess.data = nullptr;
 }
 
- gnutls_datum_t getNative()
+ const gnutls_datum_t& getNative()
 {
- auto ret = d_sess;
- d_sess.data = nullptr;
- d_sess.size = 0;
- return ret;
+ return d_sess;
 }
 
 private:
@@ -1424,8 +1421,7 @@ public:
 if (ret != GNUTLS_E_SUCCESS) {
 throw std::runtime_error("Error setting up GnuTLS session: " + std::string(gnutls_strerror(ret)));
 }
-
- session.release();
+ session.reset();
 }
 
 void close() override
-- 
2.47.2
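Review bot: The ownership handoff on the success path is now implicit: `native.release()` is gone but `native` itself is declared before the hunk, so whether the caller's SSL_SESSION reference is released exactly once now depends on `native`'s deleter and on whether the OpenSSL-side `getNative()` still transfers ownership — worth confirming, since a double free here would be a worse outcome than the leak being fixed. A short comment would make the intent durable, e.g. `// the library call above took its own reference on the ticket; drop ours so it is not leaked`. The same pattern applies to the GnuTLS counterpart in the hunk at line 1421, where `session.reset()` likewise replaces a bare `release()`. The enclosing method's signature is outside both hunks, so it is unclear whether `session` is taken by reference (then `reset()` deliberately releases the caller's copy, and the caller keeps it on the throw path) or by value (then `reset()` is redundant with scope exit).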
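Review bot: `getNative()` now returns a `const gnutls_datum_t&` to a member and the new body `return d_sess;` modifies nothing, so it should be a `const` member function: `const gnutls_datum_t& getNative() const`. The change also silently turns the contract from transfer-ownership into borrow: the reference is only valid while this object lives, so callers must not retain `data` past it, and the consuming library call is presumably one that copies the datum — confirm at the call sites, which are outside the hunk. A doc comment would pin this down, e.g. `// Non-owning view of the serialized session; the datum stays owned by this object and is released with it (the routine nulling d_sess.data just above appears to be where).`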