From 552c3de3575c719161998d541b3750b2ce12674c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 8 Jan 2010 23:45:23 +0000 Subject: - Johan van Selst found and fixed a OpenSSL session ref count leak: ossl_connect_step3() increments an SSL session handle reference counter on each call. When sessions are re-used this reference counter may be incremented many times, but it will be decremented only once when done (by Curl_ossl_session_free()); and the internal OpenSSL data will not be freed if this reference count remains positive. When a session is re-used the reference counter should be corrected by explicitly calling SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid introducing a memory leak. (http://curl.haxx.se/bug/view.cgi?id=2926284) --- CHANGES | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index d2011cf7f..c9be56c64 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,20 @@ Changelog +Daniel Stenberg (9 Jan 2010) +- Johan van Selst found and fixed a OpenSSL session ref count leak: + + ossl_connect_step3() increments an SSL session handle reference counter on + each call. When sessions are re-used this reference counter may be + incremented many times, but it will be decremented only once when done (by + Curl_ossl_session_free()); and the internal OpenSSL data will not be freed + if this reference count remains positive. When a session is re-used the + reference counter should be corrected by explicitly calling + SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid + introducing a memory leak. + + (http://curl.haxx.se/bug/view.cgi?id=2926284) + Daniel Stenberg (7 Jan 2010) - Make sure the progress callback is called repeatedly even during very slow name resolves when c-ares is used for resolving. -- cgit v1.2.1