From: Joe Orton Date: Wed, 7 May 2008 14:17:31 +0000 (+0000) Subject: * modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to X-Git-Tag: 2.3.0~667 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=09e9ce347929c199cbf6ec82fc83d7c40dbbb75d;p=apache * modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a per-connection memory leak which occurs if the client indicates support for a compression algorithm in the initial handshake, and mod_ssl is linked against OpenSSL >= 0.9.8f. Thanks to Amund Elstad and Dr Stephen Henson for analysis of this issue. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654119 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 43d031d884..3fcf96508d 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -217,11 +217,6 @@ static apr_status_t ssl_cleanup_pre_config(void *data) EVP_cleanup(); #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_cleanup(); -#endif -#ifdef HAVE_OPENSSL -#if OPENSSL_VERSION_NUMBER >= 0x00907001 - CRYPTO_cleanup_all_ex_data(); -#endif #endif ERR_remove_state(0); @@ -229,6 +224,12 @@ static apr_status_t ssl_cleanup_pre_config(void *data) * actually load the error strings once per process due to static * variable abuse in OpenSSL. */ + /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered + * ex_data indices may have been cached in static variables in + * OpenSSL; removing them may cause havoc. Notably, with OpenSSL + * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which + * could result in a per-connection memory leak (!). */ + /* * TODO: determine somewhere we can safely shove out diagnostics * (when enabled) at this late stage in the game: