Blame SOURCES/memcached-free-tls-cntxt.patch
|
 |
f13770 |
commit 06d06ff9477780d82ef3a1851525e3bc2aa4280f
|
|
|
f13770 |
Author: dormando <dormando@rydia.net>
|
|
|
f13770 |
Date: Fri Sep 20 12:39:30 2019 -0700
|
|
|
f13770 |
|
|
|
f13770 |
TLS: fix leak of SSL context on accept failure
|
|
|
f13770 |
|
|
|
f13770 |
frees said context. Don't use SSL_Shutdown as connection was not
|
|
|
f13770 |
established.
|
|
|
f13770 |
|
|
|
f13770 |
also fixes potential leak if dispatch_conn_new fails; but that
|
|
|
f13770 |
shouldn't be possible for most systems. requires either a malloc
|
|
|
f13770 |
failure or event_add() failure.
|
|
|
f13770 |
|
|
|
f13770 |
diff --git a/memcached.c b/memcached.c
|
|
|
f13770 |
index e8c0da4..1be6583 100644
|
|
|
f13770 |
--- a/memcached.c
|
|
|
f13770 |
+++ b/memcached.c
|
|
|
f13770 |
@@ -5805,6 +5805,7 @@ static void drive_machine(conn *c) {
|
|
|
f13770 |
if (settings.verbose) {
|
|
|
f13770 |
fprintf(stderr, "SSL connection failed with error code : %d : %s\n", err, strerror(errno));
|
|
|
f13770 |
}
|
|
|
f13770 |
+ SSL_free(ssl);
|
|
|
f13770 |
close(sfd);
|
|
|
f13770 |
break;
|
|
|
f13770 |
}
|
|
|
f13770 |
diff --git a/thread.c b/thread.c
|
|
|
f13770 |
index f3a08ad..eaec647 100644
|
|
|
f13770 |
--- a/thread.c
|
|
|
f13770 |
+++ b/thread.c
|
|
|
f13770 |
@@ -500,6 +500,12 @@ static void thread_libevent_process(int fd, short which, void *arg) {
|
|
|
f13770 |
fprintf(stderr, "Can't listen for events on fd %d\n",
|
|
|
f13770 |
item->sfd);
|
|
|
f13770 |
}
|
|
|
f13770 |
+#ifdef TLS
|
|
|
f13770 |
+ if (item->ssl) {
|
|
|
f13770 |
+ SSL_shutdown(item->ssl);
|
|
|
f13770 |
+ SSL_free(item->ssl);
|
|
|
f13770 |
+ }
|
|
|
f13770 |
+#endif
|
|
|
f13770 |
close(item->sfd);
|
|
|
f13770 |
}
|
|
|
f13770 |
} else {
|