nghttpx: Fix memory leak from CertLookupTree

This commit is contained in:
Tatsuhiro Tsujikawa 2016-06-25 23:47:22 +09:00
parent 97d8bb16e6
commit aced5b3b6c
4 changed files with 18 additions and 11 deletions


@ -202,8 +202,8 @@ void ConnectionHandler::worker_replace_downstream(
} }
int ConnectionHandler::create_single_worker() { int ConnectionHandler::create_single_worker() {
auto cert_tree = ssl::create_cert_lookup_tree(); cert_tree_ = ssl::create_cert_lookup_tree();
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree_.get()
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb_.get() nb_.get()
@ -234,7 +234,7 @@ int ConnectionHandler::create_single_worker() {
} }
single_worker_ = make_unique<Worker>( single_worker_ = make_unique<Worker>(
loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree, loop_, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
ticket_keys_, this, get_config()->conn.downstream); ticket_keys_, this, get_config()->conn.downstream);
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
if (single_worker_->create_mruby_context() != 0) { if (single_worker_->create_mruby_context() != 0) {
@ -249,8 +249,8 @@ int ConnectionHandler::create_worker_thread(size_t num) {
#ifndef NOTHREADS #ifndef NOTHREADS
assert(workers_.size() == 0); assert(workers_.size() == 0);
auto cert_tree = ssl::create_cert_lookup_tree(); cert_tree_ = ssl::create_cert_lookup_tree();
auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree auto sv_ssl_ctx = ssl::setup_server_ssl_context(all_ssl_ctx_, cert_tree_.get()
#ifdef HAVE_NEVERBLEED #ifdef HAVE_NEVERBLEED
, ,
nb_.get() nb_.get()
@ -289,7 +289,7 @@ int ConnectionHandler::create_worker_thread(size_t num) {
all_ssl_ctx_.push_back(session_cache_ssl_ctx); all_ssl_ctx_.push_back(session_cache_ssl_ctx);
} }
auto worker = make_unique<Worker>( auto worker = make_unique<Worker>(
loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree, loop, sv_ssl_ctx, cl_ssl_ctx, session_cache_ssl_ctx, cert_tree_.get(),
ticket_keys_, this, get_config()->conn.downstream); ticket_keys_, this, get_config()->conn.downstream);
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
if (worker->create_mruby_context() != 0) { if (worker->create_mruby_context() != 0) {
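Review bot: The raw pointer taken with `cert_tree_.get()` is handed both to `ssl::setup_server_ssl_context(all_ssl_ctx_, ...)` and to the Worker constructor in create_single_worker and create_worker_thread, while ownership now sits in the `cert_tree_` member, and nothing in the hunk records that these consumers only borrow it. Since both functions assign `cert_tree_`, a second call (or calling both on one handler) would destroy the tree that earlier Workers, and presumably the SSL_CTX objects if setup_server_ssl_context keeps the pointer for certificate lookup, still hold; whether that can happen is not visible here. Suggested comment above each assignment: `// ConnectionHandler owns the tree; the SSL_CTXs and Workers below borrow cert_tree_.get(), so it must not be reassigned while they exist.` Both create_single_worker and create_worker_thread continue past the hunk.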


@ -61,6 +61,12 @@ struct TicketKeys;
class MemcachedDispatcher; class MemcachedDispatcher;
struct UpstreamAddr; struct UpstreamAddr;
namespace ssl {
class CertLookupTree;
} // namespace ssl
struct OCSPUpdateContext { struct OCSPUpdateContext {
// ocsp response buffer // ocsp response buffer
std::vector<uint8_t> resp; std::vector<uint8_t> resp;
@ -184,6 +190,7 @@ private:
// Worker instance used when single threaded mode (-n1) is used. // Worker instance used when single threaded mode (-n1) is used.
// Otherwise, nullptr and workers_ has instances of Worker instead. // Otherwise, nullptr and workers_ has instances of Worker instead.
std::unique_ptr<Worker> single_worker_; std::unique_ptr<Worker> single_worker_;
std::unique_ptr<ssl::CertLookupTree> cert_tree_;
std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_; std::unique_ptr<MemcachedDispatcher> tls_ticket_key_memcached_dispatcher_;
// Current TLS session ticket keys. Note that TLS connection does // Current TLS session ticket keys. Note that TLS connection does
// not refer to this field directly. They use TicketKeys object in // not refer to this field directly. They use TicketKeys object in
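Review bot: `cert_tree_` is declared directly after `single_worker_`, so by reverse declaration order it is destroyed before the Worker that was handed `cert_tree_.get()`; the position of `workers_` and `all_ssl_ctx_`, which borrow the same pointer, is not shown here. If anything that runs while a Worker or SSL_CTX is torn down still dereferences the tree, that is a use-after-free at shutdown. Declaring the owner before its borrowers avoids relying on that, e.g. move `std::unique_ptr<ssl::CertLookupTree> cert_tree_;` above the `// Worker instance used when single threaded mode` comment (and above `workers_`/`all_ssl_ctx_` if those come later), with `// Owned here; Workers and SSL_CTXs borrow a raw pointer, so keep this declared before them.`. The enclosing class body starts and ends outside the hunk.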


@ -1444,11 +1444,11 @@ void setup_downstream_http1_alpn(SSL *ssl) {
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L #endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
} }
CertLookupTree *create_cert_lookup_tree() { std::unique_ptr<CertLookupTree> create_cert_lookup_tree() {
if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) { if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) {
return nullptr; return nullptr;
} }
return new ssl::CertLookupTree(); return make_unique<CertLookupTree>();
} }
namespace { namespace {


@ -212,7 +212,7 @@ void setup_downstream_http1_alpn(SSL *ssl);
// Creates CertLookupTree. If frontend is configured not to use TLS, // Creates CertLookupTree. If frontend is configured not to use TLS,
// this function returns nullptr. // this function returns nullptr.
CertLookupTree *create_cert_lookup_tree(); std::unique_ptr<CertLookupTree> create_cert_lookup_tree();
SSL *create_ssl(SSL_CTX *ssl_ctx); SSL *create_ssl(SSL_CTX *ssl_ctx);
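Review bot: The comment above the new `create_cert_lookup_tree` declaration still says nullptr is returned only when the frontend does not use TLS, but the implementation in shim.cc also returns nullptr when `get_config()->tls.subcerts` is empty, and the new owning return type is not mentioned. Suggested replacement for the two comment lines: `// Creates CertLookupTree.  Returns nullptr if frontend is configured not to use TLS or no additional certificates (tls.subcerts) are configured.  The caller owns the returned tree.`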