curl and libcurl

Tracker: Bugs

5 [patch] Reference count leak in OpenSSL session re-use - ID: 2926284

Last Update: Settings changed ( bagder )

Details:

ossl_connect_step3() increments an SSL session handle reference counter on each call. When sessions are re-used this reference counter may be incremented many times, but it will be decremented only once when done (by Curl_ossl_session_free()); and the internal OpenSSL data will not be freed if this reference count remains positive. When a session is re-used the reference counter should be corrected by explicitly calling SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid introducing a memory leak.

Submitted:

Johan van Selst ( koresh ) - 2010-01-05 15:06:26 UTC

Priority:

Status:

Closed

Resolution:

Fixed

Assigned:

Daniel Stenberg

Category:

libcurl

Group:

None

Visibility:

Public

Comment ( 1 )

Date: 2010-01-08 23:45:45 UTC Sender: bagder Thanks for the report, this problem is now fixed in CVS!

Attached File ( 1 )

Filename	Description	Download
curl-ssl-session.patch		Download

Changes ( 5 )

Field	Old Value	Date	By
status_id	Open	2010-01-08 23:45:59 UTC	bagder
resolution_id	None	2010-01-08 23:45:59 UTC	bagder
allow_comments	1	2010-01-08 23:45:59 UTC	bagder
close_date	-	2010-01-08 23:45:59 UTC	bagder
File Added	357760: curl-ssl-session.patch	2010-01-05 15:06:29 UTC	koresh

curl and libcurl

Tracker: Bugs

Comment ( 1 )

Attached File ( 1 )

Changes ( 5 )

About SourceForge

Find Software

Develop Software

Community

Help