From 09e9ce347929c199cbf6ec82fc83d7c40dbbb75d Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Wed, 7 May 2008 14:17:31 +0000 Subject: [PATCH] * modules/ssl/mod_ssl.c (ssl_cleanup_pre_config): Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a per-connection memory leak which occurs if the client indicates support for a compression algorithm in the initial handshake, and mod_ssl is linked against OpenSSL >= 0.9.8f. Thanks to Amund Elstad and Dr Stephen Henson for analysis of this issue. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654119 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/mod_ssl.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 43d031d884..3fcf96508d 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -217,11 +217,6 @@ static apr_status_t ssl_cleanup_pre_config(void *data) EVP_cleanup(); #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_cleanup(); -#endif -#ifdef HAVE_OPENSSL -#if OPENSSL_VERSION_NUMBER >= 0x00907001 - CRYPTO_cleanup_all_ex_data(); -#endif #endif ERR_remove_state(0); @@ -229,6 +224,12 @@ static apr_status_t ssl_cleanup_pre_config(void *data) * actually load the error strings once per process due to static * variable abuse in OpenSSL. */ + /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered + * ex_data indices may have been cached in static variables in + * OpenSSL; removing them may cause havoc. Notably, with OpenSSL + * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which + * could result in a per-connection memory leak (!). */ + /* * TODO: determine somewhere we can safely shove out diagnostics * (when enabled) at this late stage in the game: -- 2.40.0