[or-cvs] [tor/master] Work around a memory leak in openssl 0.9.8g (and maybe others)

Nick Mathewson nickm at seul.org
Thu Sep 17 04:42:21 UTC 2009


Author: Nick Mathewson <nickm at torproject.org>
Date: Thu, 17 Sep 2009 00:01:20 -0400
Subject: Work around a memory leak in openssl 0.9.8g (and maybe others)
Commit: 9c38941195309c3d9a8620536f7f7246c780b9c7

---
 ChangeLog           |    3 +++
 src/common/tortls.c |    9 +++++++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fccae7d..6446943 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,9 @@ Changes in version 0.2.1.20 - 2009-??-??
     - Avoid segfault in rare cases when finishing an introduction circuit
       as a client and finding out that we don't have an introduction key
       for it. Fixes bug 1073. Reported by Aaron Swartz.
+    - Work around a small memory leak in some versions of OpenSSL that
+      stopped the memory used by the hostname TLS extension from being
+      freed.
 
   o Minor features:
     - Add a "getinfo status/accepted-server-descriptor" controller
diff --git a/src/common/tortls.c b/src/common/tortls.c
index aeb0ca0..c6b11e9 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -829,6 +829,9 @@ tor_tls_new(int sock, int isServer)
   if (!SSL_set_cipher_list(result->ssl,
                      isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) {
     tls_log_errors(NULL, LOG_WARN, "setting ciphers");
+#ifdef SSL_set_tlsext_host_name
+    SSL_set_tlsext_host_name(result->ssl, NULL);
+#endif
     SSL_free(result->ssl);
     tor_free(result);
     return NULL;
@@ -839,6 +842,9 @@ tor_tls_new(int sock, int isServer)
   bio = BIO_new_socket(sock, BIO_NOCLOSE);
   if (! bio) {
     tls_log_errors(NULL, LOG_WARN, "opening BIO");
+#ifdef SSL_set_tlsext_host_name
+    SSL_set_tlsext_host_name(result->ssl, NULL);
+#endif
     SSL_free(result->ssl);
     tor_free(result);
     return NULL;
@@ -919,6 +925,9 @@ tor_tls_free(tor_tls_t *tls)
   if (!removed) {
     log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map.");
   }
+#ifdef SSL_set_tlsext_host_name
+  SSL_set_tlsext_host_name(tls->ssl, NULL);
+#endif
   SSL_free(tls->ssl);
   tls->ssl = NULL;
   tls->negotiated_callback = NULL;
-- 
1.5.6.5



More information about the tor-commits mailing list