httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: Memory leak in mod_ssl ssl_callback_TmpDH
Date Tue, 27 May 2014 08:51:07 GMT
On Sat, May 24, 2014 at 10:32:35AM +0200, Kaspar Brand wrote:
> On 19.05.2014 10:15, Plüm, Rüdiger, Vodafone Group wrote:
> > Maybe stupid idea, but can't we do that once and hand it out over
> > and over again?
> 
> Not a stupid idea at all - I think it's actually the most sensible
> solution to this problem. This is what OpenSSL does with the
> DH parameters provided by the callback in s3_srvr.c:ssl3_send_server_key_exchange():

This may be a stupid question: if we are doing this once per process 
lifetime would it not be better to do it at init time, and store the 
results somewhere other than a static variable?

We have a potential race here between threads doing the param 
generation, right?

+    static DH *dh = NULL; \
+    DH *dh_tmp; \
...
+    dh = dh_tmp; \

though it would not matter who wins the race *if* we could rely on 
pointer assignment being atomic - which is a fairly dubious assumption, 
and at least deserves a comment.  If a potential race is possible here 
it might be better to do it once at startup to save CPU time anyway?

Regards, Joe

Mime
View raw message