Return-Path: Delivered-To: apmail-httpd-cvs-archive@www.apache.org Received: (qmail 76318 invoked from network); 7 May 2008 14:17:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 7 May 2008 14:17:57 -0000 Received: (qmail 62700 invoked by uid 500); 7 May 2008 14:17:57 -0000 Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org Received: (qmail 62621 invoked by uid 500); 7 May 2008 14:17:57 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 62609 invoked by uid 99); 7 May 2008 14:17:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 May 2008 07:17:57 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 May 2008 14:17:11 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 547BE238898F; Wed, 7 May 2008 07:17:32 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r654119 - /httpd/httpd/trunk/modules/ssl/mod_ssl.c Date: Wed, 07 May 2008 14:17:31 -0000 To: cvs@httpd.apache.org From: jorton@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080507141732.547BE238898F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: jorton Date: Wed May 7 07:17:31 2008 New Revision: 654119 URL: http://svn.apache.org/viewvc?rev=654119&view=rev Log: * modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a per-connection memory leak which occurs if the client indicates support for a compression algorithm in the initial handshake, and mod_ssl is linked against OpenSSL >= 0.9.8f. Thanks to Amund Elstad and Dr Stephen Henson for analysis of this issue. Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=654119&r1=654118&r2=654119&view=diff ============================================================================== --- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original) +++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Wed May 7 07:17:31 2008 @@ -218,17 +218,18 @@ #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_cleanup(); #endif -#ifdef HAVE_OPENSSL -#if OPENSSL_VERSION_NUMBER >= 0x00907001 - CRYPTO_cleanup_all_ex_data(); -#endif -#endif ERR_remove_state(0); /* Don't call ERR_free_strings here; ERR_load_*_strings only * actually load the error strings once per process due to static * variable abuse in OpenSSL. */ + /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered + * ex_data indices may have been cached in static variables in + * OpenSSL; removing them may cause havoc. Notably, with OpenSSL + * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which + * could result in a per-connection memory leak (!). */ + /* * TODO: determine somewhere we can safely shove out diagnostics * (when enabled) at this late stage in the game: