|
Link Here
|
|
|
1 |
--------------------- |
| 2 |
PatchSet 11375 |
| 3 |
Date: 2007/04/17 09:35:17 |
| 4 |
Author: hno |
| 5 |
Branch: SQUID_2_6 |
| 6 |
Tag: (none) |
| 7 |
Log: |
| 8 |
MFC: Bug #1814: SSL memory leak on persistent SSL connections |
| 9 |
|
| 10 |
Memory leak when attemting to reuse SSL-negotiated outgoing connections. |
| 11 |
|
| 12 |
Mainly affects reverse proxy setups using SSL-enabled peers. |
| 13 |
|
| 14 |
Merged changes: |
| 15 |
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections |
| 16 |
|
| 17 |
Members: |
| 18 |
src/forward.c:1.120.2.2->1.120.2.3 |
| 19 |
|
| 20 |
Note: this patchset was slightly modified for the FreeBSD port |
| 21 |
to make it apply cleanly (one hunk removed, path information stripped) |
| 22 |
|
| 23 |
Index: squid/src/forward.c |
| 24 |
=================================================================== |
| 25 |
RCS file: /cvsroot/squid/squid/src/forward.c,v |
| 26 |
retrieving revision 1.120.2.2 |
| 27 |
retrieving revision 1.120.2.3 |
| 28 |
diff -u -r1.120.2.2 -r1.120.2.3 |
| 29 |
--- src/forward.c 26 Mar 2007 23:14:09 -0000 1.120.2.2 |
| 30 |
+++ src/forward.c 17 Apr 2007 09:35:17 -0000 1.120.2.3 |
| 31 |
@@ -319,6 +319,7 @@ |
| 32 |
fd_table[fd].ssl = ssl; |
| 33 |
fd_table[fd].read_method = &ssl_read_method; |
| 34 |
fd_table[fd].write_method = &ssl_write_method; |
| 35 |
+ fd_note(fd, "Negotiating SSL"); |
| 36 |
fwdNegotiateSSL(fd, fwdState); |
| 37 |
} |
| 38 |
#endif |
| 39 |
@@ -357,10 +358,6 @@ |
| 40 |
comm_close(server_fd); |
| 41 |
} else { |
| 42 |
debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry)); |
| 43 |
- fd_note(server_fd, storeUrl(fwdState->entry)); |
| 44 |
- fd_table[server_fd].uses++; |
| 45 |
- if (fd_table[server_fd].uses == 1 && fs->peer) |
| 46 |
- peerConnectSucceded(fs->peer); |
| 47 |
#if USE_SSL |
| 48 |
if ((fs->peer && fs->peer->use_ssl) || |
| 49 |
(!fs->peer && request->protocol == PROTO_HTTPS)) { |
| 50 |
@@ -535,7 +532,7 @@ |
| 51 |
hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr); |
| 52 |
else |
| 53 |
hierarchyNote(&fwdState->request->hier, fs->code, name); |
| 54 |
- fwdConnectDone(fd, COMM_OK, fwdState); |
| 55 |
+ fwdDispatch(fwdState); |
| 56 |
return; |
| 57 |
} else { |
| 58 |
/* Discard the persistent connection to not cause |
| 59 |
@@ -653,6 +650,7 @@ |
| 60 |
StoreEntry *entry = fwdState->entry; |
| 61 |
ErrorState *err; |
| 62 |
int server_fd = fwdState->server_fd; |
| 63 |
+ FwdServer *fs = fwdState->servers; |
| 64 |
debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n", |
| 65 |
fwdState->client_fd, |
| 66 |
RequestMethodStr[request->method], |
| 67 |
@@ -667,6 +665,10 @@ |
| 68 |
assert(entry->ping_status != PING_WAITING); |
| 69 |
assert(entry->lock_count); |
| 70 |
EBIT_SET(entry->flags, ENTRY_DISPATCHED); |
| 71 |
+ fd_note(server_fd, storeUrl(fwdState->entry)); |
| 72 |
+ fd_table[server_fd].uses++; |
| 73 |
+ if (fd_table[server_fd].uses == 1 && fs->peer) |
| 74 |
+ peerConnectSucceded(fs->peer); |
| 75 |
netdbPingSite(request->host); |
| 76 |
entry->mem_obj->refresh_timestamp = squid_curtime; |
| 77 |
if (fwdState->servers && (p = fwdState->servers->peer)) { |