Blame SOURCES/unbound-1.7.3-DNS-over-TLS-memory-leak.patch

a68357
From 377d5b426a30fc915cf7905786f93c0ec89845b7 Mon Sep 17 00:00:00 2001
a68357
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
a68357
Date: Tue, 25 Sep 2018 09:01:13 +0000
a68357
Subject: [PATCH] - Add SSL cleanup for tcp timeout.
a68357
a68357
git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9
a68357
---
a68357
 services/outside_network.c | 11 +++++++++++
a68357
 1 files changed, 9 insertions(+)
a68357
diff --git a/services/outside_network.c b/services/outside_network.c
a68357
index 5700ef8..b52cdab 100644
a68357
--- a/services/outside_network.c
a68357
+++ b/services/outside_network.c
a68357
@@ -373,6 +373,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
a68357
                         if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
a68357
                                 log_err("SSL_set1_host failed");
a68357
 				pend->c->fd = s;
a68357
+				SSL_free(pend->c->ssl);
a68357
+				pend->c->ssl = NULL;
a68357
 				comm_point_close(pend->c);
a68357
 				return 0;
a68357
 			}
a68357
@@ -1258,6 +1260,13 @@ outnet_tcptimer(void* arg)
a68357
 	} else {
a68357
 		/* it was in use */
a68357
 		struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
a68357
+		if(pend->c->ssl) {
a68357
+#ifdef HAVE_SSL
a68357
+			SSL_shutdown(pend->c->ssl);
a68357
+			SSL_free(pend->c->ssl);
a68357
+			pend->c->ssl = NULL;
a68357
+#endif
a68357
+		}
a68357
 		comm_point_close(pend->c);
a68357
 		pend->query = NULL;
a68357
 		pend->next_free = outnet->tcp_free;