On 25/04/2014 12:55 p.m., Alex Rousskov wrote:
> Do not leak [SSL] objects tied to http_port and https_port on reconfigure.
>
> PortCfg objects were not destroyed at all (no delete call) and were
> incorrectly stored (excessive cbdata locking). This change adds
> destruction and removes excessive locking to allow the destructed
> object to be freed. It also cleans up forgotten(?) clientca and crlfile
> PortCfg members.
>
> This change fixes a serious leak but also carries an elevated risk:
> There is a lot of code throughout Squid that does not check the pointers
> to the objects that are now properly destroyed. It is possible that some
> of that code will crash some time after reconfigure. It is not possible
> to ensure that this does not happen without rewriting/fixing the
> offending code to use refcounting. Such a rewrite would be a relatively
> large change outside this patch scope. We may decide that it is better
> to leak than to take this additional risk.
>
> Alex.
>
-0.
I have a patch moving the SSL config options into a standalone
ref-counted object. That can be polished up and references added to each
ConnStateData fairly easily.
Amos
Received on Fri Apr 25 2014 - 08:59:40 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 25 2014 - 12:00:16 MDT