You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2008/05/17 21:50:15 UTC
svn commit: r657445 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
modules/ssl/mod_ssl.c
Author: rpluem
Date: Sat May 17 12:50:14 2008
New Revision: 657445
URL: http://svn.apache.org/viewvc?rev=657445&view=rev
Log:
Merge r654119 from trunk:
* modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to
CRYPTO_cleanup_all_ex_data here, fixing a per-connection memory leak
which occurs if the client indicates support for a compression
algorithm in the initial handshake, and mod_ssl is linked against
OpenSSL >= 0.9.8f.
Thanks to Amund Elstad and Dr Stephen Henson for analysis of this
issue.
Submitted by: jorton
Reviewed by: rpluem, jim, fielding
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=657445&r1=657444&r2=657445&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat May 17 12:50:14 2008
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.9
+ *) mod_ssl: Fix a memory leak with connections that have zlib compression
+ turned on. PR 44975 [Joe Orton, Amund Elstad <Amund.Elstad ist.com>,
+ Dr Stephen Henson <steve openssl.org>]
+
*) mod_proxy: Trigger a retry by the client in the case we fail to read the
response line from the backend by closing the connection to the client.
PR 37770 [Ruediger Pluem]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=657445&r1=657444&r2=657445&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat May 17 12:50:14 2008
@@ -90,16 +90,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
-* mod_ssl: Fix a memory leak with connections that have zlib compression
- turned on. PR 44975 [Joe Orton, Amund Elstad <Amund.Elstad ist.com>,
- Dr Stephen Henson <steve openssl.org>]
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=654119&view=rev
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, jim, fielding
-
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c?rev=657445&r1=657444&r2=657445&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/mod_ssl.c Sat May 17 12:50:14 2008
@@ -227,17 +227,18 @@
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_cleanup();
#endif
-#ifdef HAVE_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
- CRYPTO_cleanup_all_ex_data();
-#endif
-#endif
ERR_remove_state(0);
/* Don't call ERR_free_strings here; ERR_load_*_strings only
* actually load the error strings once per process due to static
* variable abuse in OpenSSL. */
+ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+ * ex_data indices may have been cached in static variables in
+ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
+ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
+ * could result in a per-connection memory leak (!). */
+
/*
* TODO: determine somewhere we can safely shove out diagnostics
* (when enabled) at this late stage in the game: