bryancall commented on code in PR #13026:
URL: https://github.com/apache/trafficserver/pull/13026#discussion_r2999108656
##########
src/iocore/net/SSLConfig.cc:
##########
@@ -454,6 +454,7 @@ SSLConfigParams::initialize()
SSLConfigParams::origin_session_cache_size = ssl_origin_session_cache_size;
if (ssl_origin_session_cache == 1 && ssl_origin_session_cache_size > 0) {
+ delete origin_sess_cache;
origin_sess_cache = new SSLOriginSessionCache();
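Review bot: the `delete origin_sess_cache;` added just before the `new` in `SSLConfigParams::initialize()` frees the cache with no synchronization visible in this hunk, so a thread still using the old pointer during a reload would touch freed memory, and every cached session is discarded on each reload. Guarding the allocation with `if (origin_sess_cache == nullptr)` and keeping the object alive across reloads avoids both problems. Add a comment at the guard saying that the cache is intentionally never freed on reload and that the size limit is applied through `origin_session_cache_size`.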
Review Comment:
Good catch. Changed to allocate-once pattern (`origin_sess_cache == nullptr`
guard) so the cache lives for the process lifetime. No delete/new on reload —
the eviction loop in `insert_session()` enforces the new size naturally via the
static `origin_session_cache_size`. This avoids both the use-after-free race
and clearing the cache (which would hurt session resumption performance).
##########
src/iocore/net/SSLSessionCache.cc:
##########
@@ -43,7 +43,13 @@ SSLSessDeleter(SSL_SESSION *_p)
SSLOriginSessionCache::SSLOriginSessionCache() {}
-SSLOriginSessionCache::~SSLOriginSessionCache() {}
+SSLOriginSessionCache::~SSLOriginSessionCache()
+{
+ while (auto *node = orig_sess_que.pop()) {
+ delete node;
+ }
+ orig_sess_map.clear();
+}
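Review bot: the new destructor body drains `orig_sess_que` and clears `orig_sess_map` with no locking visible in the hunk, which is only safe if no other thread can reach the cache while it runs. State that precondition in a comment on the destructor (for example, that it is expected to run only at process exit), or take the cache's lock before the `while` loop so a later caller that deletes the object earlier does not reintroduce a race.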
Review Comment:
With the allocate-once change, the destructor only runs at process exit when
all threads are stopped, so the mutex concern no longer applies. Keeping the
destructor for ASAN cleanliness at shutdown.
--
This is an automated message from the Apache Git Service.
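The allocate-once pattern discussed in the first review comment, as an added example that is not code from the PR or from Apache Traffic Server: a simplified model in which the cache object is created once and a reload only changes a static size limit that the insert path enforces. The names `OriginCacheModel`, `reload`, `g_cache` and `max_size` are hypothetical, and the eviction loop is an assumption about how such a limit is applied, not a copy of `insert_session()`.

```cpp
#include <atomic>
#include <iterator>
#include <list>
#include <map>
#include <mutex>
#include <string>

// Simplified model of an origin session cache (hypothetical, not the ATS class).
class OriginCacheModel {
public:
  static std::atomic<std::size_t> max_size; // process-wide limit, rewritten on reload

  void insert(const std::string &key, const std::string &session) {
    std::lock_guard<std::mutex> lock(mtx_);
    auto it = map_.find(key);
    if (it != map_.end()) { // replace an existing entry for this key
      queue_.erase(it->second);
      map_.erase(it);
    }
    const std::size_t limit = max_size.load();
    // Evict oldest entries until the new one fits under the *current* limit.
    while (!queue_.empty() && queue_.size() >= limit) {
      map_.erase(queue_.front().first);
      queue_.pop_front();
    }
    if (limit == 0) return; // caching disabled by configuration
    queue_.emplace_back(key, session);
    map_[key] = std::prev(queue_.end());
  }
  std::size_t size() { std::lock_guard<std::mutex> l(mtx_); return queue_.size(); }
  bool contains(const std::string &k) { std::lock_guard<std::mutex> l(mtx_); return map_.count(k) != 0; }

private:
  using Queue = std::list<std::pair<std::string, std::string>>;
  std::mutex mtx_;
  Queue queue_; // oldest entry at the front
  std::map<std::string, Queue::iterator> map_;
};
std::atomic<std::size_t> OriginCacheModel::max_size{0};

static OriginCacheModel *g_cache = nullptr; // lives for the process lifetime

// Called at startup and on every config reload: never deletes the cache,
// so pointers held by other threads stay valid and entries survive.
OriginCacheModel *reload(bool enabled, std::size_t new_size) {
  OriginCacheModel::max_size.store(new_size);
  if (enabled && new_size > 0 && g_cache == nullptr) {
    g_cache = new OriginCacheModel();
  }
  return g_cache;
}
```

In this model a reload that shrinks the limit leaves existing entries in place until the next insert, which then evicts down to the new limit.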