On 04/25/2014 02:59 AM, Amos Jeffries wrote:
> On 25/04/2014 12:55 p.m., Alex Rousskov wrote:
>> Do not leak [SSL] objects tied to http_port and https_port on reconfigure.
>>
>> PortCfg objects were not destroyed at all (no delete call) and were
>> incorrectly stored (excessive cbdata locking). This change adds
>> destruction and removes excessive locking to allow the destructed
>> object to be freed. It also cleans up forgotten(?) clientca and crlfile
>> PortCfg members.
>>
>> This change fixes a serious leak but also carries an elevated risk:
>> There is a lot of code throughout Squid that does not check the pointers
>> to the objects that are now properly destroyed. It is possible that some
>> of that code will crash some time after reconfigure. It is not possible
>> to ensure that this does not happen without rewriting/fixing the
>> offending code to use refcounting. Such a rewrite would be a relatively
>> large change outside this patch scope. We may decide that it is better
>> to leak than to take this additional risk.
>>
>> Alex.
>>
>
> -0.
>
> I have a patch moving the SSL config options into a standalone
> ref-counted object. That can be polished up and references added to each
> ConnStateData fairly easily.
Amos, what is the status of that patch? Any ETA? Do you expect your
changes to be easily portable to v3.3?
Thank you,
Alex.
Received on Fri Jun 13 2014 - 20:08:06 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 14 2014 - 12:00:11 MDT