From: Automerge script Date: Fri, 14 Sep 2012 19:28:57 +0000 (+0000) Subject: Merged revisions 373059,373062 via svnmerge from X-Git-Tag: 10.10.0-digiumphones-rc1~48 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74bea2a92cee8144f1ae1127d850be19bf24fceb;p=thirdparty%2Fasterisk.git Merged revisions 373059,373062 via svnmerge from file:///srv/subversion/repos/asterisk/branches/10 ................ r373059 | mjordan | 2012-09-14 13:28:40 -0500 (Fri, 14 Sep 2012) | 16 lines Constify __ao2_ref_debug in astobj2 When REF_DEBUG is enabled in certain files - most notably ccss.c - the 'tag' parameter passed to __ao2_ref_debug will be a const char *. The function currently expects that parameter to not be const. This causes a warning when compiling, as the const qualifier is being discarded. With dev-mode enabled, this prevents compiling Asterisk. This patch makes __ao2_ref_debug's tag and file parameters const. (closes issue ASTERISK-20408) Reported by: mjordan ........ Merged revisions 372959 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ................ r373062 | mjordan | 2012-09-14 14:12:48 -0500 (Fri, 14 Sep 2012) | 30 lines Resolve memory leaks in TLS initialization and TLS client connections This patch resolves two sources of memory leaks when using TLS in Asterisk: 1) It removes improper initialization (and multiple re-initializations) of portions of the SSL library. Asterisk calls SSL_library_init and SSL_load_error_strings during SSL initialization; collectively this obviates the need for calling any of the following during initialization or client connection handling: * ERR_load_crypto_strings (handled by SSL_load_error_strings) * OpenSSL_add_all_algorithms (synonym for SSL_library_init) * SSLeay_add_ssl_algorithms (synonym for SSL_library_init) 2) Failure to completely clean up all memory allocated by Asterisk and by the SSL library for TLS clients. This included not freeing the SSL_CTX object in the SIP channel driver, as well as not clearing the error stack when the TLS client exited. Note that these memory leaks were found by Thomas Arimont, and this patch was essentially written by him with some minor tweaks. (closes issue AST-889) Reported by: Thomas Arimont Tested by: Thomas Arimont patches: (bugAST-889.patch) by Thomas Arimont (license 5525) Review: https://reviewboard.asterisk.org/r/2105 ........ Merged revisions 373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10-digiumphones@373078 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 082b798fc5..42fb389043 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -2397,6 +2397,8 @@ static void sip_tcptls_client_args_destructor(void *obj) ast_free(args->tls_cfg->cipher); ast_free(args->tls_cfg->cafile); ast_free(args->tls_cfg->capath); + + ast_ssl_teardown(args->tls_cfg); } ast_free(args->tls_cfg); ast_free((char *) args->name); diff --git a/include/asterisk/astobj2.h b/include/asterisk/astobj2.h index b19f828f27..77129c7784 100644 --- a/include/asterisk/astobj2.h +++ b/include/asterisk/astobj2.h @@ -462,7 +462,7 @@ void *__ao2_alloc(const size_t data_size, ao2_destructor_fn destructor_fn); #endif -int __ao2_ref_debug(void *o, int delta, char *tag, char *file, int line, const char *funcname); +int __ao2_ref_debug(void *o, int delta, const char *tag, const char *file, int line, const char *funcname); int __ao2_ref(void *o, int delta); /*! @} */ diff --git a/main/astobj2.c b/main/astobj2.c index 5da94679c4..59322d261f 100644 --- a/main/astobj2.c +++ b/main/astobj2.c @@ -207,7 +207,7 @@ void *ao2_object_get_lockaddr(void *obj) */ -int __ao2_ref_debug(void *user_data, const int delta, char *tag, char *file, int line, const char *funcname) +int __ao2_ref_debug(void *user_data, const int delta, const char *tag, const char *file, int line, const char *funcname) { struct astobj2 *obj = INTERNAL_OBJ(user_data); diff --git a/main/ssl.c b/main/ssl.c index ff202816ef..ef824754e8 100644 --- a/main/ssl.c +++ b/main/ssl.c @@ -81,9 +81,7 @@ int ast_ssl_init(void) SSL_library_init(); SSL_load_error_strings(); - ERR_load_crypto_strings(); ERR_load_BIO_strings(); - OpenSSL_add_all_algorithms(); /* Make OpenSSL thread-safe. */ diff --git a/main/tcptls.c b/main/tcptls.c index a18f1a8958..286985d27a 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -82,6 +82,7 @@ static int ssl_close(void *cookie) { int cookie_fd = SSL_get_fd(cookie); int ret; + if (cookie_fd > -1) { /* * According to the TLS standard, it is acceptable for an application to only send its shutdown @@ -91,6 +92,12 @@ static int ssl_close(void *cookie) if ((ret = SSL_shutdown(cookie)) < 0) { ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret)); } + + if (!((SSL*)cookie)->server) { + /* For client threads, ensure that the error stack is cleared */ + ERR_remove_state(0); + } + SSL_free(cookie); /* adding shutdown(2) here has no added benefit */ if (close(cookie_fd)) { @@ -313,9 +320,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) if (!cfg->enabled) return 0; - SSL_load_error_strings(); - SSLeay_add_ssl_algorithms(); - /* Get rid of an old SSL_CTX since we're about to * allocate a new one */ @@ -357,7 +361,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) if (!client) { /* Clients don't need a certificate, but if its setup we can use it */ ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile); - sleep(2); cfg->enabled = 0; SSL_CTX_free(cfg->ssl_ctx); cfg->ssl_ctx = NULL; @@ -368,7 +371,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) if (!client) { /* Clients don't need a private key, but if its setup we can use it */ ast_verb(0, "SSL error loading private key file. <%s>", tmpprivate); - sleep(2); cfg->enabled = 0; SSL_CTX_free(cfg->ssl_ctx); cfg->ssl_ctx = NULL; @@ -380,7 +382,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) { if (!client) { ast_verb(0, "SSL cipher error <%s>", cfg->cipher); - sleep(2); cfg->enabled = 0; SSL_CTX_free(cfg->ssl_ctx); cfg->ssl_ctx = NULL;