[tomcat-native] branch main updated: Fix BZ 66669 - memory leak in SNI processing

Mon, 31 Jul 2023 02:05:31 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
     new f64a8a4b0 Fix BZ 66669 - memory leak in SNI processing
f64a8a4b0 is described below

commit f64a8a4b02f805af811b529b4df0c71e10b0bd9f
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jul 31 09:56:37 2023 +0100

    Fix BZ 66669 - memory leak in SNI processing
    
    https://bz.apache.org/bugzilla/show_bug.cgi?id=66669
---
 native/src/sslcontext.c           | 11 ++++++++++-
 xdocs/miscellaneous/changelog.xml |  3 +++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index 73446a95d..b52258914 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -22,6 +22,7 @@
 #include "apr_file_io.h"
 #include "apr_thread_mutex.h"
 #include "apr_poll.h"
+#include "apr_pools.h"
 
 #include "ssl_private.h"
 
@@ -141,6 +142,7 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
     const unsigned char *pos;
     size_t len, remaining;
     tcn_ssl_ctxt_t *c = (tcn_ssl_ctxt_t *) arg;
+    apr_pool_t *subpool = NULL;
 
     (*javavm)->AttachCurrentThread(javavm, (void **)&env, NULL);
     // Continue only if the static method exists
@@ -188,7 +190,10 @@ int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
     /* Use the SNI to switch to the relevant vhost, should it differ from
      * c->base_server.
      */
-    servername = apr_pstrmemdup(c->pool, (const char *)pos, len);
+    if (apr_pool_create(&subpool, c->pool) != APR_SUCCESS) {
+        goto give_up;
+    }
+    servername = apr_pstrmemdup(subpool, (const char *)pos, len);
 
 give_up:
     if (servername != NULL) {
@@ -221,8 +226,12 @@ give_up:
                 SSL_set_session_id_context(ssl,  &(c->context_id[0]), sizeof 
c->context_id);
             }
         }
+    }
 
+    if (subpool != NULL) {
+        apr_pool_destroy(subpool);
     }
+
     return SSL_CLIENT_HELLO_SUCCESS;
 }
 #endif
diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 7ef27121a..8bffe0d5d 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -51,6 +51,9 @@
     <update>
       Update the minimum version of autoconf for releasing to 2.68. (rjung)
     </update>
+    <fix>
+      <bug>66669</bug>: Fix memory leak in SNI processing. (markt)
+    </fix>
   </changelog>
 </section>
 <section name="Changes in 2.0.4">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to