diff options
author | Daniel Stenberg <daniel@haxx.se> | 2010-01-08 23:45:23 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2010-01-08 23:45:23 +0000 |
commit | 552c3de3575c719161998d541b3750b2ce12674c (patch) | |
tree | 0e856f508e93bd512998a06182108753bf4283aa /RELEASE-NOTES | |
parent | aa2f447400b5b49c9a00189fea33c2483c0a8a06 (diff) |
- Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
each call. When sessions are re-used this reference counter may be
incremented many times, but it will be decremented only once when done (by
Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
if this reference count remains positive. When a session is re-used the
reference counter should be corrected by explicitly calling
SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
introducing a memory leak.
(http://curl.haxx.se/bug/view.cgi?id=2926284)
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f2ed8c060..eab8e4216 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -42,6 +42,7 @@ This release includes the following bugfixes: o header include fix for FreeBSD versions before v8 o fragment part of URLs are no longer sent to the server o progress callback called repeatedly with c-ares for resolving + o OpenSSL session id ref count leak This release includes the following known bugs: @@ -54,6 +55,7 @@ advice from friends like these: Marco Maggi, Camille Moncelier, Claes Jakobsson, Kevin Baughman, Marc Kleine-Budde, Jad Chamcham, Bjorn Augustsson, David Byron, Markus Koetter, Chad Monroe, Martin Storsjo, Siegfried Gyuricsko, - Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge + Jon Nelson, Julien Chaffraix, Renato Botelho, Peter Pentchev, Ingmar Runge, + Johan van Selst Thanks! (and sorry if I forgot to mention someone) |