From: Ruediger Pluem Date: Sat, 17 May 2008 19:50:14 +0000 (+0000) Subject: Merge r654119 from trunk: X-Git-Tag: 2.2.9~151 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90ecc006ab31b3141b6785a63ad61e9952895bc6;p=thirdparty%2Fapache%2Fhttpd.git Merge r654119 from trunk: * modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a per-connection memory leak which occurs if the client indicates support for a compression algorithm in the initial handshake, and mod_ssl is linked against OpenSSL >= 0.9.8f. Thanks to Amund Elstad and Dr Stephen Henson for analysis of this issue. Submitted by: jorton Reviewed by: rpluem, jim, fielding git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@657445 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index b057d26990d..7d63562e432 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.9 + *) mod_ssl: Fix a memory leak with connections that have zlib compression + turned on. PR 44975 [Joe Orton, Amund Elstad , + Dr Stephen Henson ] + *) mod_proxy: Trigger a retry by the client in the case we fail to read the response line from the backend by closing the connection to the client. PR 37770 [Ruediger Pluem] diff --git a/STATUS b/STATUS index dcfe18261db..ee547f0e6b8 100644 --- a/STATUS +++ b/STATUS @@ -90,16 +90,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] -* mod_ssl: Fix a memory leak with connections that have zlib compression - turned on. PR 44975 [Joe Orton, Amund Elstad , - Dr Stephen Henson ] - Trunk version of patch: - http://svn.apache.org/viewvc?rev=654119&view=rev - Backport version for 2.2.x of patch: - Trunk version of patch works - +1: rpluem, jim, fielding - - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 01d5b43bb95..ff690167460 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -226,11 +226,6 @@ static apr_status_t ssl_cleanup_pre_config(void *data) EVP_cleanup(); #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_cleanup(); -#endif -#ifdef HAVE_OPENSSL -#if OPENSSL_VERSION_NUMBER >= 0x00907001 - CRYPTO_cleanup_all_ex_data(); -#endif #endif ERR_remove_state(0); @@ -238,6 +233,12 @@ static apr_status_t ssl_cleanup_pre_config(void *data) * actually load the error strings once per process due to static * variable abuse in OpenSSL. */ + /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered + * ex_data indices may have been cached in static variables in + * OpenSSL; removing them may cause havoc. Notably, with OpenSSL + * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which + * could result in a per-connection memory leak (!). */ + /* * TODO: determine somewhere we can safely shove out diagnostics * (when enabled) at this late stage in the game: