From 55d8fce6872caffa61978d1827458d2f852e9b63 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 2 Jan 2021 18:00:08 +0000 Subject: Free {alert,phh}_data in tls13_record_layer_free() httpd(8)'s incorrect tls_close() after closing the underlying socket led to a leak: tls_close()'s attempt to send out the close_notify won't work very well over a closed pipe. This resulted in alert_data still hanging off the TLSv1.3 context's record layer struct. The tls_free() call should have cleaned this up but failed to do so. The record layer's phh_data potentially has the same issue, so free it as well. This diff makes -current httpd(8) run in constant memory over hundreds of thousands TLS connections with a static site. ok inoguchi jsing --- src/lib/libssl/tls13_record_layer.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/lib/libssl/tls13_record_layer.c') diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index 1298f59051..2f980ab60b 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_record_layer.c,v 1.55 2020/10/15 07:07:09 tb Exp $ */ +/* $OpenBSD: tls13_record_layer.c,v 1.56 2021/01/02 18:00:08 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * @@ -135,6 +135,9 @@ tls13_record_layer_free(struct tls13_record_layer *rl) if (rl == NULL) return; + freezero(rl->alert_data, rl->alert_len); + freezero(rl->phh_data, rl->phh_len); + tls13_record_layer_rbuf_free(rl); tls13_record_layer_rrec_free(rl); -- cgit v1.2.3-55-g6feb
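Review bot: in the tls13_record_layer_free() hunk, `freezero(rl->alert_data, rl->alert_len);` and `freezero(rl->phh_data, rl->phh_len);` zero only as many bytes as the length fields say, so the change is correct only if alert_len and phh_len track the full allocated size of each buffer and each pointer/length pair is NULL/0 whenever no alert or post-handshake message was staged (freezero(NULL, 0) is a no-op, so the unset case is safe, but a stale non-NULL pointer with a zero length would still be passed to free). Worth confirming against the code that assigns these fields, and a one-line comment above the two calls saying they cover the case where an alert was queued but never sent (the close_notify-over-a-closed-socket leak from the commit message) would help the next reader see why the free happens here rather than in the send path.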