From 4ecd9abf7441f0fe7a1c78cf170ce8ba7fb5d54d Mon Sep 17 00:00:00 2001
From: Neel Goyal
Date: Thu, 15 Jun 2017 07:51:57 -0700
Subject: [PATCH] Fix a memory leak in 1.1.0 related to initial_ctx

Summary: We would always up_ref the ctx before setting it as the initial_ctx. This causes a leak in 1.1.0 since the initial_ctx isn't set in this version of OpenSSL. We'll move the up_ref for the initial_ctx into the OpenSSLUtils helper.
Reviewed By: anirudhvr
Differential Revision: D5227823
fbshipit-source-id: b4490b317bd4dc8752a8d7e244fd153100a52aa6
---
 folly/io/async/AsyncSSLSocket.cpp | 4 +---
 folly/io/async/ssl/OpenSSLUtils.cpp | 3 +++
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 1379bf90..84354730 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -503,9 +503,6 @@ void AsyncSSLSocket::attachSSLContext(
 // In order to call attachSSLContext, detachSSLContext must have been
 // previously called.
 // We need to update the initial_ctx if necessary
- auto sslCtx = ctx->getSSLCtx();
- SSL_CTX_up_ref(sslCtx);
-
 // The 'initial_ctx' inside an SSL* points to the context that it was created
 // with, which is also where session callbacks and servername callbacks
 // happen.
@@ -514,6 +511,7 @@ void AsyncSSLSocket::attachSSLContext(
 // NOTE: this will only work if we have access to ssl_ internals, so it may
 // not work on
 // OpenSSL version >= 1.1.0
+ auto sslCtx = ctx->getSSLCtx();
 OpenSSLUtils::setSSLInitialCtx(ssl_, sslCtx);
 // Detach sets the socket's context to the dummy context. Thus we must acquire
 // this lock.
diff --git a/folly/io/async/ssl/OpenSSLUtils.cpp b/folly/io/async/ssl/OpenSSLUtils.cpp
index 80d90ec0..91e114a0 100644
--- a/folly/io/async/ssl/OpenSSLUtils.cpp
+++ b/folly/io/async/ssl/OpenSSLUtils.cpp
@@ -200,6 +200,9 @@ void OpenSSLUtils::setSSLInitialCtx(SSL* ssl, SSL_CTX* ctx) {
 (void)ctx;
 #if !FOLLY_OPENSSL_IS_110 && !defined(OPENSSL_NO_TLSEXT)
 if (ssl) {
+ if (ctx) {
+ SSL_CTX_up_ref(ctx);
+ }
 ssl->initial_ctx = ctx;
 }
 #endif
-- 
2.34.1
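Review bot: `setSSLInitialCtx` now takes a reference on the new `ctx`, but the assignment `ssl->initial_ctx = ctx;` still overwrites the old pointer without releasing it, so the count stays balanced only if every caller has already freed the previous value. The call-site comment in AsyncSSLSocket.cpp says detachSSLContext must have run first, which presumably does that release, but it is outside this patch and the helper neither states nor checks the precondition. An imbalance here either keeps an SSL_CTX alive indefinitely or, in the other direction, lets it be freed while an SSL still points at it. I would record the contract above the function, e.g. `// Takes a reference on ctx when non-null; the caller must already have released the previous initial_ctx.`, and mention that the helper takes no reference when the `#if` branch is compiled out. The function starts and ends outside the hunk.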