From: Jeff Trawick Date: Fri, 7 Oct 2005 23:31:32 +0000 (+0000) Subject: Commit Greg's patch to fix worker MPM memory leak. X-Git-Tag: 2.0.55~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ccac81f218db4036e7e2c8eb8f8f90efb7957b4;p=thirdparty%2Fapache%2Fhttpd.git Commit Greg's patch to fix worker MPM memory leak. Approved by: Greg, OtherBill, Jeff git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@307218 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index edc793ef06e..1712823c758 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.0.55 + *) worker MPM: Fix a memory leak which can occur after an aborted + connection in some limited circumstances. [Greg Ames] + *) mod_ldap: Fix PR 36563. Keep track of the number of attributes retrieved from LDAP so that all of the values can be properly cached even if the value is NULL. diff --git a/STATUS b/STATUS index 11065891271..7af4b887af5 100644 --- a/STATUS +++ b/STATUS @@ -110,15 +110,6 @@ RELEASE SHOWSTOPPERS: +1: jorton, wrowe, trawick wrowe cautions to backport to 2.2.x branch as well. - *) SECURITY: CAN-2005-2970 (cve.mitre.org) - worker MPM: Fix a memory leak which can occur after an aborted - connection in some limited circumstances. - http://people.apache.org/~trawick/CAN-2005-2970.txt - +1: trawick, brianp - +0: wrowe [greg ames and jeff trawick were of two minds, I'm - +1 on either patch they mutually agree upon.] - - PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] diff --git a/server/mpm/worker/worker.c b/server/mpm/worker/worker.c index 8f1ba12c44d..c6203b3d72e 100644 --- a/server/mpm/worker/worker.c +++ b/server/mpm/worker/worker.c @@ -574,8 +574,7 @@ static void *listener_thread(apr_thread_t *thd, void * dummy) int process_slot = ti->pid; apr_pool_t *tpool = apr_thread_pool_get(thd); void *csd = NULL; - apr_pool_t *ptrans; /* Pool for per-transaction stuff */ - apr_pool_t *recycled_pool = NULL; + apr_pool_t *ptrans = NULL; /* Pool for per-transaction stuff */ int n; apr_pollfd_t *pollset; apr_status_t rv; @@ -604,8 +603,11 @@ static void *listener_thread(apr_thread_t *thd, void * dummy) if (listener_may_exit) break; if (!have_idle_worker) { + /* the following pops a recycled ptrans pool off a stack + * if there is one, in addition to reserving a worker thread + */ rv = ap_queue_info_wait_for_idler(worker_queue_info, - &recycled_pool); + &ptrans); if (APR_STATUS_IS_EOF(rv)) { break; /* we've been signaled to die now */ } @@ -682,8 +684,9 @@ static void *listener_thread(apr_thread_t *thd, void * dummy) } got_fd: if (!listener_may_exit) { - /* create a new transaction pool for each accepted socket */ - if (recycled_pool == NULL) { + if (ptrans == NULL) { + /* we can't use a recycled transaction pool this time. + * create a new transaction pool */ apr_allocator_t *allocator; apr_allocator_create(&allocator); @@ -691,9 +694,6 @@ static void *listener_thread(apr_thread_t *thd, void * dummy) apr_pool_create_ex(&ptrans, NULL, NULL, allocator); apr_allocator_owner_set(allocator, ptrans); } - else { - ptrans = recycled_pool; - } apr_pool_tag(ptrans, "transaction"); rv = lr->accept_func(&csd, lr, ptrans); /* later we trash rv and rely on csd to indicate success/failure */