From 1e658cb038f2ceeec16c6beb46a0368a860c6264 Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Mon, 25 May 2009 10:00:18 -0300 Subject: Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free() The problem is that the server failed to follow the rule that every X509 object retrieved using SSL_get_peer_certificate() must be explicitly freed by X509_free(). This caused a memory leak for builds linked against OpenSSL where the X509 object is reference counted -- improper counting will prevent the object from being destroyed once the session containing the peer certificate is freed. The solution is to explicitly free every X509 object used. mysql-test/r/openssl_1.result: Add test case result for Bug#42158 mysql-test/t/openssl_1.test: Add test case for Bug#42158 sql/sql_acl.cc: Deallocate X509 objects. --- mysql-test/r/openssl_1.result | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'mysql-test/r/openssl_1.result') diff --git a/mysql-test/r/openssl_1.result b/mysql-test/r/openssl_1.result index c408c14b716..b0dd3acd662 100644 --- a/mysql-test/r/openssl_1.result +++ b/mysql-test/r/openssl_1.result @@ -202,4 +202,10 @@ Ssl_cipher RC4-SHA select 'is still running; no cipher request crashed the server' as result from dual; result is still running; no cipher request crashed the server +GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; +FLUSH PRIVILEGES; +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher DHE-RSA-AES256-SHA +DROP USER bug42158@localhost; End of 5.1 tests -- cgit v1.2.1