Commit 552c3de3 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

- Johan van Selst found and fixed a OpenSSL session ref count leak: 

  ossl_connect_step3() increments an SSL session handle reference counter on
  each call. When sessions are re-used this reference counter may be
  incremented many times, but it will be decremented only once when done (by
  Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
  if this reference count remains positive. When a session is re-used the
  reference counter should be corrected by explicitly calling
  SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
  introducing a memory leak.

  (http://curl.haxx.se/bug/view.cgi?id=2926284)
parent aa2f4474

CHANGES

+14 −0
Original line number Diff line number Diff line
@@ -6,6 +6,20 @@ 


                                  Changelog



Daniel Stenberg (9 Jan 2010)

- Johan van Selst found and fixed a OpenSSL session ref count leak:



  ossl_connect_step3() increments an SSL session handle reference counter on

  each call. When sessions are re-used this reference counter may be

  incremented many times, but it will be decremented only once when done (by

  Curl_ossl_session_free()); and the internal OpenSSL data will not be freed

  if this reference count remains positive. When a session is re-used the

  reference counter should be corrected by explicitly calling

  SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid

  introducing a memory leak.



  (http://curl.haxx.se/bug/view.cgi?id=2926284)



Daniel Stenberg (7 Jan 2010)

- Make sure the progress callback is called repeatedly even during very slow

  name resolves when c-ares is used for resolving.

RELEASE-NOTES

+3 −1
Original line number Diff line number Diff line
@@ -42,6 +42,7 @@ This release includes the following bugfixes: 
 o header include fix for FreeBSD versions before v8

 o fragment part of URLs are no longer sent to the server

 o progress callback called repeatedly with c-ares for resolving

 o OpenSSL session id ref count leak



This release includes the following known bugs:
@@ -54,6 +55,7 @@ advice from friends like these: 
 Marco Maggi, Camille Moncelier, Claes Jakobsson, Kevin Baughman,

 Marc Kleine-Budde, Jad Chamcham, Bjorn Augustsson, David Byron,

 Markus Koetter, Chad Monroe, Martin Storsjo, Siegfried Gyuricsko,

 Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge

 Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge,

 Johan van Selst



        Thanks! (and sorry if I forgot to mention someone)

lib/ssluse.c

+10 −2
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -2315,7 +2315,15 @@ ossl_connect_step3(struct connectdata *conn, 
      return retcode;

    }

  }



#ifdef HAVE_SSL_GET1_SESSION

  else {

    /* Session was incache, so refcount already incremented earlier.

     * Avoid further increments with each SSL_get1_session() call.

     * This does not free the session as refcount remains > 0

     */

    SSL_SESSION_free(our_ssl_sessionid);

  }

#endif



  /*

   * We check certificates to authenticate the server; otherwise we risk