[Bugs] [Bug 1707227] glusterfsd memory leak after enable tls/ssl

bugzilla at redhat.com bugzilla at redhat.com
Thu Jul 25 05:25:31 UTC 2019 

https://bugzilla.redhat.com/show_bug.cgi?id=1707227

zhou lin <zz.sh.cynthia at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(zz.sh.cynthia at gma |
                   |il.com)                     |



--- Comment #5 from zhou lin <zz.sh.cynthia at gmail.com> ---
unfortunately , the version i use is already different from the master branch ,
the ssl_ctx is shared one in my version and in master branch each connection
has seperate ssl_ctx, so the method i use to fix the memory leak does not apply
to the master branch

although my test shows even in master branch this memory leak also exists.
the patch i use in my version can fix the memory leak issue:

--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -367,6 +367,7 @@ static char *ssl_setup_connection_postfix(rpc_transport_t
*this) {
   gf_log(this->name, GF_LOG_DEBUG,
          "SSL verification succeeded (client: %s) (server: %s)",
          this->peerinfo.identifier, this->myinfo.identifier);
+  X509_free(peer);
   return gf_strdup(peer_CN);

   /* Error paths. */
@@ -1019,7 +1020,16 @@ static void __socket_reset(rpc_transport_t *this) {
   memset(&priv->incoming, 0, sizeof(priv->incoming));

   event_unregister_close(this->ctx->event_pool, priv->sock, priv->idx);
-
+  if(priv->use_ssl&& priv->ssl_ssl)
+  {
+    gf_log(this->name, GF_LOG_INFO,
+           "clear and reset for socket(%d), free ssl ",
+           priv->sock);
+    // SSL_shutdown(priv->ssl_ssl);
+    SSL_clear(priv->ssl_ssl);
+    SSL_free(priv->ssl_ssl);
+    priv->ssl_ssl = NULL;
+  }
   priv->sock = -1;
   priv->idx = -1;
   priv->connected = -1;
@@ -4238,6 +4248,16 @@ void fini(rpc_transport_t *this) {
     pthread_mutex_destroy(&priv->out_lock);
     pthread_mutex_destroy(&priv->cond_lock);
     pthread_cond_destroy(&priv->cond);
+    if(priv->use_ssl&& priv->ssl_ssl)
+    {
+      gf_log(this->name, GF_LOG_TRACE,
+           "clear and reset for socket(%d), free ssl ",
+           priv->sock);
+      // SSL_shutdown(priv->ssl_ssl);
+      SSL_clear(priv->ssl_ssl);
+      SSL_free(priv->ssl_ssl);
+      priv->ssl_ssl = NULL;
+    }
     if (priv->ssl_private_key) {
       GF_FREE(priv->ssl_private_key);
     }

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list