author: Daniel Stenberg <daniel@haxx.se> 2010-01-08 23:45:23 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2010-01-08 23:45:23 +0000
commit: 552c3de3575c719161998d541b3750b2ce12674c
tree: 0e856f508e93bd512998a06182108753bf4283aa /lib
parent: aa2f447400b5b49c9a00189fea33c2483c0a8a06
- Johan van Selst found and fixed an OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on each call. When sessions are re-used this reference counter may be incremented many times, but it will be decremented only once when done (by Curl_ossl_session_free()); and the internal OpenSSL data will not be freed if this reference count remains positive. When a session is re-used the reference counter should be corrected by explicitly calling SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid introducing a memory leak. (http://curl.haxx.se/bug/view.cgi?id=2926284)
Diffstat (limited to 'lib')
-rw-r--r-- lib/ssluse.c 12
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 97ffe6180..b7475c029 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -2315,7 +2315,15 @@ ossl_connect_step3(struct connectdata *conn,
return retcode;
}
}
-
+#ifdef HAVE_SSL_GET1_SESSION
+ else {
+ /* Session was incache, so refcount already incremented earlier.
+ * Avoid further increments with each SSL_get1_session() call.
+ * This does not free the session as refcount remains > 0
+ */
+ SSL_SESSION_free(our_ssl_sessionid);
+ }
+#endif
/*
* We check certificates to authenticate the server; otherwise we risk
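Review bot: the new else branch calls SSL_SESSION_free(our_ssl_sessionid) on the strength of the comment's claim that "refcount remains > 0", but nothing in the visible lines says who holds the remaining reference or checks that our_ssl_sessionid is the same handle that was found in the cache. Please extend the comment to name the holder of the surviving reference (presumably the session cache entry that caused the "incache" path to be taken), so a later change to cache eviction or to the condition above does not turn this balancing free into a premature one. Also note that the whole else is wrapped in #ifdef HAVE_SSL_GET1_SESSION, so the if/else shape of this function differs between builds; keeping the else unconditional and placing the #ifdef around the SSL_SESSION_free() call inside it would be easier to read and harder to break. Minor style point: the blank line that separated the closing brace from the "We check certificates" comment is gone, so #endif now sits directly against the next block comment.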