[zorp-hu] memoryleak 2.1.7.2
Balazs Scheidler
zorp-hu@lists.balabit.hu
Fri, 26 Nov 2004 14:46:54 +0100
--=-3dji8POqHALrxzianOWv
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
megneztem, megtalaltam. patch attachban. (2.1.8-hoz kepest, de lehet,
hogy a 2.0-ra is ramegy)
ha nem akarsz patchelni, akkor meg varnod kell egy
tesztrelease-t/2.1.9-et.
On Thu, 2004-09-30 at 23:56, Kosa Attila wrote:
> On Fri, Sep 17, 2004 at 06:45:49PM +0200, Balazs Scheidler wrote:
> > On Fri, 2004-09-17 at 17:19, Kosa Attila wrote:
> >
> > > Mit tudok segiteni, hogy kideruljon, mivel van gond? Mivel a http
> > > proxy-n nagyobb forgalom van (legalabbis velhetoen), mint a https-en (es
> > > az nem no - ilyen latvanyosan legalabbis), ezert inkabb a pssl-re
> > > modositom a tippemet :)
> >
> > ertem, valoszinuleg GPL specifikus, kereskedelmiben nem tudok leakrol,
> > megnezem, amint tudom.
>
> zorp-pro 2.0.9-1
> 461 root 9 0 255m 122m 26m S 0.0 50.5 89:59.67 zorp
>
> Ebben http, https, plug es pop3 van.
--
Bazsi
--=-3dji8POqHALrxzianOWv
Content-Disposition: attachment; filename=pssl-gpl-leak-fix.diff
Content-Type: text/x-patch; name=pssl-gpl-leak-fix.diff; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
* added files
{arch}/zorp-module-pssl/zorp-module-pssl--mainline/zorp-module-pssl--mainline--2.1/devel@balabit.hu--zorp-1/patch-log/patch-1
* modified files
--- orig/pssl.c
+++ mod/pssl.c
@@ -50,7 +50,6 @@
GString *server_ca_dir;
GString *server_crl_dir;
gboolean need_ssl[EP_MAX];
- SSL_CTX *client_ctx, *server_ctx;
int verify_type[EP_MAX];
int verify_depth[EP_MAX];
} PsslProxy;
@@ -115,8 +114,6 @@
self->verify_type[EP_CLIENT] = Z_SSL_VERIFY_REQUIRED_TRUSTED;
self->verify_depth[EP_SERVER] = 1;
self->verify_depth[EP_CLIENT] = 1;
- self->client_ctx = NULL;
- self->server_ctx = NULL;
for (i = 0; i < EP_MAX; i++)
{
self->need_ssl[i] = TRUE;
@@ -343,6 +340,7 @@
{
char buf[1024];
+ z_ssl_session_unref(ssl);
z_proxy_log(self, PSSL_ERROR, 1, "SSL handshake failed on the client side; error='%s'", z_ssl_get_error_str(buf, sizeof(buf)));
z_proxy_leave(self);
return FALSE;
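Review bot: In the client-side failure branch the added `z_ssl_session_unref(ssl);` runs before `z_ssl_get_error_str(buf, sizeof(buf))` is evaluated, while the server-side failure hunk (@@ -402) releases the session only after the error has been logged. If dropping the last reference touches the SSL library's error state, the logged handshake error may no longer describe the real failure; the safer order is the server-side one, with `z_ssl_session_unref(ssl);` placed after the `z_proxy_log(...)` call. Every exit of both handshake functions now needs its own unref (this hunk and those at @@ -358, @@ -402 and @@ -416), so a single cleanup label before `z_proxy_leave(self)` would keep a later return path from reintroducing the leak. Both functions begin and end outside the hunks, so exits not shown here could not be checked.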
@@ -358,6 +356,8 @@
z_proxy_log(self, PSSL_DEBUG, 4, "Identified peer on the client side; peer='%s'", tmp);
}
+ z_ssl_session_unref(ssl);
+
z_proxy_log(self, PSSL_DEBUG, 6, "Client side SSL handshake successful;");
z_proxy_leave(self);
return TRUE;
@@ -402,6 +402,7 @@
char buf[1024];
z_proxy_log(self, PSSL_ERROR, 1, "SSL handshake failed on the server side; error='%s'", z_ssl_get_error_str(buf, sizeof(buf)));
+ z_ssl_session_unref(ssl);
z_proxy_leave(self);
return FALSE;
}
@@ -416,6 +417,7 @@
z_proxy_log(self, PSSL_DEBUG, 4, "Identified peer on the server side; peer='%s'", tmp);
}
+ z_ssl_session_unref(ssl);
z_proxy_log(self, PSSL_DEBUG, 6, "Server side SSL handshake successful;");
z_proxy_leave(self);
return TRUE;
@@ -444,6 +446,7 @@
z_proxy_log(self, PSSL_DEBUG, 6, "Client needs ssl.");
if (!pssl_init_client_ssl(self))
{
+ z_stream_unref(tmpstream1);
z_proxy_leave(self);
return FALSE;
}
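Review bot: `tmpstream2` is not released when `pssl_init_client_ssl(self)` fails, although the matching server-side branch (@@ -456) releases both `tmpstream1` and `tmpstream2`. Where `tmpstream2` is acquired lies outside the visible hunks; if the reference is already held at this point, it still leaks on every failed client handshake and `z_stream_unref(tmpstream2);` belongs in this branch as well. If it is acquired only later, a short comment such as `/* tmpstream2 is not acquired yet on this path */` would show that the asymmetry is deliberate. The enclosing function starts and ends outside the hunk.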
@@ -456,6 +459,8 @@
z_proxy_log(self, PSSL_DEBUG, 6, "Server needs ssl.");
if (!pssl_init_server_ssl(self))
{
+ z_stream_unref(tmpstream1);
+ z_stream_unref(tmpstream2);
z_proxy_leave(self);
return FALSE;
}
@@ -464,6 +469,9 @@
z_stream_set_nonblock(tmpstream1, TRUE);
z_stream_unref(tmpstream1);
+ z_stream_set_nonblock(tmpstream2, TRUE);
+ z_stream_unref(tmpstream2);
+
z_proxy_leave(self);
return TRUE;
}
@@ -631,16 +639,9 @@
self->poll = NULL;
}
- if (self->server_ctx)
- {
- SSL_CTX_free(self->server_ctx);
- }
- if (self->client_ctx)
- {
- SSL_CTX_free(self->client_ctx);
- }
ERR_remove_state(0);
- z_proxy_leave(self);
+ z_proxy_free_method(s);
+ z_leave();
}
gint
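Review bot: The switch from `z_proxy_leave(self)` to `z_leave()` after the new `z_proxy_free_method(s);` call needs a comment, because the reason is not visible in the code. Presumably the parent free method can release the proxy instance, so `self` must not be touched afterwards. A line such as `/* self may be gone after z_proxy_free_method(); use z_leave(), not z_proxy_leave(self) */` above the call would stop a later tidy-up from turning this back into a use-after-free. The start of the free function is outside the hunk, so the relation between `s` and `self` is inferred.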
--=-3dji8POqHALrxzianOWv--