[ 
https://issues.apache.org/jira/browse/TS-4858?focusedWorklogId=30192&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-30192
 ]

ASF GitHub Bot logged work on TS-4858:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 05/Oct/16 19:17
            Start Date: 05/Oct/16 19:17
    Worklog Time Spent: 10m 
      Work Description: Github user jpeach commented on a diff in the pull 
request:

    https://github.com/apache/trafficserver/pull/1024#discussion_r82046288
  
    --- Diff: iocore/net/SSLConfig.cc ---
    @@ -243,6 +245,21 @@ SSLConfigParams::initialize()
       ats_free(ssl_server_ca_cert_filename);
       ats_free(CACertRelativePath);
     
    +  REC_ReadConfigStringAlloc(ticket_key_filename, 
"proxy.config.ssl.server.ticket_key.filename");
    +  int ticket_key_len;
    +  ats_scoped_str 
ticket_key_path(Layout::relative_to(this->serverCertPathOnly, 
this->ticket_key_filename));
    +  ats_scoped_str ticket_key_data;
    +  if (ticket_key_filename != NULL) {
    +    ticket_key_data = readIntoBuffer(ticket_key_path, __func__, 
&ticket_key_len);
    +  } else {
    +    // Generate a random ticket key
    +    ticket_key_len  = 48;
    +    ticket_key_data = (char *)ats_malloc(ticket_key_len);
    +    char *tmp_ptr   = ticket_key_data;
    +    RAND_bytes(reinterpret_cast<unsigned char *>(tmp_ptr), ticket_key_len);
    +  }
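
Review bot: In the else branch the return value of RAND_bytes is ignored, so a failed call leaves the 48-byte buffer from ats_malloc uninitialised as the ticket key; check that it returns 1 and fail initialization otherwise. The readIntoBuffer result in the if branch is likewise not tested in this hunk, so a missing or unreadable key file is not reported here. ticket_key_path is also built from this->ticket_key_filename before the NULL test that follows it; move the Layout::relative_to call inside the if branch, and replace the literal 48 with a named constant or a sizeof on the key type.
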
    --- End diff --
    
    Simplify to this:
    ```C
    if (ticket_key_filename) {
      int len;
      ats_scoped_str path(Layout::relative_to(this->serverCertPathOnly, this->ticket_key_filename));
      ats_scoped_str data = readIntoBuffer(path, __func__, &len);
    
      // XXX error checking?
    
      default_global_keyblock = ticket_block_XXX(data, len);
    } else {
      ssl_ticket_key_t key;
      RAND_bytes(&key, sizeof(key));
    
      default_global_keyblock = ticket_block_XXX(&key, sizeof(key));
    }
    ```
    
    *or*
    
    Add additional ticket block APIs:
    ```C
     ssl_ticket_key_block *ticket_block_alloc_random(unsigned count);
     ssl_ticket_key_block *ticket_block_read(const char *path);
    ```


Issue Time Tracking
-------------------

    Worklog Id:     (was: 30192)
    Time Spent: 1.5h  (was: 1h 20m)

> Global session ticket key block leaks.
> --------------------------------------
>
>                 Key: TS-4858
>                 URL: https://issues.apache.org/jira/browse/TS-4858
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: SSL
>            Reporter: James Peach
>            Assignee: Syeda Persia Aziz
>             Fix For: 7.1.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> From source inspection, ``global_default_keyblock`` is always assigned so it 
> will leak on configuration reload.
> Have not reproduced this since I wasn't able to get SSL config reload to work 
> :-(



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
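
The leak described in the issue and the two loaders proposed in the review comment, sketched together as an added example; this is not code from the pull request or from Traffic Server. The struct layout and every function name are hypothetical, /dev/urandom is swapped in for RAND_bytes so the block builds without OpenSSL, and it assumes a single thread with no reader still holding the old block.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

#define TICKET_KEY_LEN 48 /* length the diff uses for its random key */

/* Hypothetical layout, not Traffic Server's: a count followed by 48-byte keys. */
typedef struct { unsigned char bytes[TICKET_KEY_LEN]; } ticket_key;
typedef struct { unsigned count; ticket_key keys[]; } ticket_block;

static ticket_block *active_block; /* stands in for the global key block */

/* Load `count` whole keys from `path`; NULL on any failure, never a partly filled block. */
static ticket_block *block_load(const char *path, unsigned count)
{
  FILE *fp = fopen(path, "rb");
  if (fp == NULL) return NULL;
  ticket_block *blk = malloc(sizeof(*blk) + (size_t)count * sizeof(ticket_key));
  if (blk != NULL) {
    blk->count = count;
    if (fread(blk->keys, sizeof(ticket_key), count, fp) != count) {
      free(blk); /* a short read would leave uninitialised key bytes */
      blk = NULL;
    }
  }
  fclose(fp);
  return blk;
}

/* Random keys; /dev/urandom replaces the diff's RAND_bytes (assumption of this sketch). */
static ticket_block *block_random(unsigned count) { return block_load("/dev/urandom", count); }

/* Key file: its size must be a non-zero multiple of the key length. */
static ticket_block *block_read(const char *path)
{
  struct stat st;
  if (stat(path, &st) != 0 || st.st_size <= 0 || st.st_size % TICKET_KEY_LEN != 0) return NULL;
  return block_load(path, (unsigned)(st.st_size / TICKET_KEY_LEN));
}

/* Reload: build first, swap only on success, then free the block being replaced. */
static int reload_ticket_keys(const char *path)
{
  ticket_block *next = path ? block_read(path) : block_random(1);
  if (next == NULL) return -1; /* keep serving with the old keys */
  ticket_block *old = active_block;
  active_block = next;
  free(old); /* without this, every reload leaks the previous block */
  return 0;
}
```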
