git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Tue, 14 Jan 2025 22:52:20 +0000 (17:52 -0500)
committer	Neil Horman <nhorman@openssl.org>
	Thu, 23 Jan 2025 16:50:42 +0000 (11:50 -0500)
commit	9cff1d5099be49fa4cd83f4d0c6b86cce6f7a525
tree	fdd563aada1f797288388a55719ec0c1cded47e9	tree \| snapshot
parent	71781b772544983c18067cecafe7f662321b7e0f	commit \| diff

Fix memory leak in pre-allocated listeners

We have a chicken and egg problem.

Normally when we create a connection object in quic, we associate it
with a listener, and up the ref on the parent listener, which is fine.

However, now that we are pre-allocating user_ssl objects for incomming
connections we have a situation in which:
1) The pre-alocated connection object holds a ref on the listener
2) The application has no awareness of the quic connection object (and
   so can't free it)
3) The freeing of the listener object never calls into the quic stack,
   because its reference count may hold references from connections that
   haven't been accepted yet

We could require that applications register a function for the
new_pending_conn callback, and track/free these pending connections, but
that seems like alot of extra unneeded work to place on the application

Instead:
a) add a quic_conn_st flag named accepted
b) When pre-allocating connections, clear the flag in (a) and _dont_
   hold a reference to the parent listener
c) in SSL_accept_connection, set the accepted flag and reference the
listener
d) in ossl_quic_free drop the listener reference only if the accepted
flag is set
c) expressly free all user_ssl objects in ossl_quic_port_drop_incoming

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)

ssl/quic/quic_impl.c		diff \| blob \| blame \| history
ssl/quic/quic_local.h		diff \| blob \| blame \| history
ssl/quic/quic_port.c		diff \| blob \| blame \| history