Forum

HTTPS memory leak on 5.7

Kyle
25 January 2008, 09:50
I found some SSL memory leaks on Hiawatha 5.7.
It's very easy to reproduce: keep press F5 to refresh an HTTPS page.
I don't know they are fixed or not in the latest Hiawatha.
This following is my fix:
Index: websrv/hiawatha.c
===================================================================
diff -d -u -1 -5 -r1.7 hiawatha.c
--- websrv/hiawatha.c   5 Apr 2007 07:55:51 -0000       1.7
+++ websrv/hiawatha.c   25 Jan 2008 07:29:34 -0000
@@ -901,30 +901,33 @@
                                }
                        }
                } while (session->keep_alive);

                close_socket(session);
        } else {
                close(session->client_socket);
        }
        log_close(session->config->first_host);

        if (session->config->reconnect_delay > 0) {
                mark_client_for_removal(session, session->config->reconnect_delay);
        } else {
                remove_client(session, true);
        }
+#ifdef HAVE_SSL
+        ERR_remove_state(0);
+#endif
        // Client session ends here.
 }

 /* Signal handlers
  */
 void SEGV_handler(int sig) {
        syslog(LOG_DAEMON | LOG_ALERT, "segmentation fault!");
        exit(EXIT_FAILURE);
 }

 void TERM_handler(int sig) {
        received_signal = rs_QUIT_SERVER;
 }

 void USR1_handler(int sig) {
Index: websrv/session.c
===================================================================
diff -d -u -1 -5 -r1.2 session.c
--- websrv/session.c    19 Mar 2007 07:25:16 -0000      1.2
+++ websrv/session.c    25 Jan 2008 07:29:34 -0000
@@ -402,21 +402,23 @@
                                        }
                                }
                        }
                }
                botlist = botlist->next;
        }

        return false;
 }

 void close_socket(t_session *session) {
        if (session->socket_open) {
 #ifdef HAVE_SSL
                if (session->binding->use_ssl) {
                        ssl_close(session->ssl_data);
+                       SSL_free(session->ssl_data);
+                       session->ssl_data = NULL;
                }
 #endif
                close(session->client_socket);
                session->socket_open = false;
        }
 }
Kyle
25 January 2008, 10:00
BTW, my OS is Linux kernel 2.6.11.3
Hugo Leisink
26 January 2008, 03:52
Thanks for your feedback. I will take a look at your patch.

Update:
It is indeed a memory leak. The problem will be fixed in 6.4. Thanks!
This topic has been closed.
Back
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.