httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r654119 - /httpd/httpd/trunk/modules/ssl/mod_ssl.c
Date Wed, 07 May 2008 14:17:31 GMT
Author: jorton
Date: Wed May  7 07:17:31 2008
New Revision: 654119

URL: http://svn.apache.org/viewvc?rev=654119&view=rev
Log:
* modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to
  CRYPTO_cleanup_all_ex_data here, fixing a per-connection memory leak
  which occurs if the client indicates support for a compression
  algorithm in the initial handshake, and mod_ssl is linked against
  OpenSSL >= 0.9.8f.

Thanks to Amund Elstad and Dr Stephen Henson for analysis of this
issue.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl.c

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=654119&r1=654118&r2=654119&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Wed May  7 07:17:31 2008
@@ -218,17 +218,18 @@
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
     ENGINE_cleanup();
 #endif
-#ifdef HAVE_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
-    CRYPTO_cleanup_all_ex_data();
-#endif
-#endif
     ERR_remove_state(0);
 
     /* Don't call ERR_free_strings here; ERR_load_*_strings only
      * actually load the error strings once per process due to static
      * variable abuse in OpenSSL. */
 
+    /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+     * ex_data indices may have been cached in static variables in
+     * OpenSSL; removing them may cause havoc.  Notably, with OpenSSL
+     * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
+     * could result in a per-connection memory leak (!). */
+
     /*
      * TODO: determine somewhere we can safely shove out diagnostics
      *       (when enabled) at this late stage in the game:



Mime
View raw message