diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2010-01-08 23:45:23 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2010-01-08 23:45:23 +0000 |
| commit | 552c3de3575c719161998d541b3750b2ce12674c (patch) | |
| tree | 0e856f508e93bd512998a06182108753bf4283aa /CHANGES | |
| parent | aa2f447400b5b49c9a00189fea33c2483c0a8a06 (diff) | |
- Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
each call. When sessions are re-used this reference counter may be
incremented many times, but it will be decremented only once when done (by
Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
if this reference count remains positive. When a session is re-used the
reference counter should be corrected by explicitly calling
SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
introducing a memory leak.
(http://curl.haxx.se/bug/view.cgi?id=2926284)
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -6,6 +6,20 @@ Changelog +Daniel Stenberg (9 Jan 2010) +- Johan van Selst found and fixed a OpenSSL session ref count leak: + + ossl_connect_step3() increments an SSL session handle reference counter on + each call. When sessions are re-used this reference counter may be + incremented many times, but it will be decremented only once when done (by + Curl_ossl_session_free()); and the internal OpenSSL data will not be freed + if this reference count remains positive. When a session is re-used the + reference counter should be corrected by explicitly calling + SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid + introducing a memory leak. + + (http://curl.haxx.se/bug/view.cgi?id=2926284) + Daniel Stenberg (7 Jan 2010) - Make sure the progress callback is called repeatedly even during very slow name resolves when c-ares is used for resolving. |