From: Neel Goyal
Date: Thu, 15 Jun 2017 14:51:57 +0000 (-0700)
Subject: Fix a memory leak in 1.1.0 related to initial_ctx
X-Git-Tag: v2017.06.19.00~23
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=4ecd9abf7441f0fe7a1c78cf170ce8ba7fb5d54d;p=folly.git
Fix a memory leak in 1.1.0 related to initial_ctx
Summary: We would always up_ref the ctx before setting it as the initial_ctx. This causes a leak in 1.1.0 since the initial_ctx isn't set in this version of OpenSSL. We'll move the up_ref for the initial_ctx into the OpenSSLUtils helper.
Reviewed By: anirudhvr
Differential Revision: D5227823
fbshipit-source-id: b4490b317bd4dc8752a8d7e244fd153100a52aa6
---
diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 1379bf90..84354730 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -503,9 +503,6 @@ void AsyncSSLSocket::attachSSLContext(
 // In order to call attachSSLContext, detachSSLContext must have been
 // previously called.
 // We need to update the initial_ctx if necessary
- auto sslCtx = ctx->getSSLCtx();
- SSL_CTX_up_ref(sslCtx);
-
 // The 'initial_ctx' inside an SSL* points to the context that it was created
 // with, which is also where session callbacks and servername callbacks
 // happen.
@@ -514,6 +511,7 @@ void AsyncSSLSocket::attachSSLContext(
 // NOTE: this will only work if we have access to ssl_ internals, so it may
 // not work on
 // OpenSSL version >= 1.1.0
+ auto sslCtx = ctx->getSSLCtx();
 OpenSSLUtils::setSSLInitialCtx(ssl_, sslCtx);
 // Detach sets the socket's context to the dummy context. Thus we must acquire
 // this lock.
diff --git a/folly/io/async/ssl/OpenSSLUtils.cpp b/folly/io/async/ssl/OpenSSLUtils.cpp
index 80d90ec0..91e114a0 100644
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -200,6 +200,9 @@ void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
 (void)ctx;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
 if (ssl) {
+ if (ctx) {
+ SSL_CTX_up_ref(ctx);
+ }
 ssl->initial_ctx = ctx;
 }
 #endif
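Review bot: The setter now takes a reference on `ctx` but still overwrites `ssl->initial_ctx` without releasing the pointer already stored there, so the count stays balanced only if every caller has freed the old value first; that release is not visible in this diff and presumably lives in `detachSSLContext`. An imbalance in either direction matters for a long-lived TLS server, since a missed release leaks one `SSL_CTX` per attach and an extra one would leave `initial_ctx` dangling. I would put the contract on the function, e.g. `// Takes a new reference on ctx (pre-1.1.0 builds only); does not free the previous initial_ctx, the caller must release it first.` A matching one-line reminder at the `OpenSSLUtils::setSSLInitialCtx(ssl_, sslCtx)` call in `attachSSLContext` would help too, because the `SSL_CTX_up_ref` that used to be visible there is now hidden in the helper. The function's closing brace lies outside this hunk.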