[asterisk-dev] [Code Review] Resolve memory leaks in TLS

opticron reviewboard at asterisk.org
Fri Sep 14 12:36:48 CDT 2012 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2105/#review7067
-----------------------------------------------------------

Ship it!


This looks good to go!

In the description, you should be referencing ERR_load_crypto_strings instead of SSL_load_crypto_strings.

- opticron


On Sept. 11, 2012, 2:22 p.m., Matt Jordan wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2105/
> -----------------------------------------------------------
> 
> (Updated Sept. 11, 2012, 2:22 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Summary
> -------
> 
> Due to the tireless efforts of Thomas Arimont, two sources memory leaks in TLS have been discovered.  These are:
> 
> * Improper initialization (and multiple re-initializations) of portions of the SSL library.  You should only need to call SSL_library_init() and SSL_load_error_strings() once; OpenSSL_add_all_algorithms is already accounted for by SSL_library_init, and SSL_load_crypto_strings is already accounted for by SSL_load_error_strings.  This action was happening multiple times as well when setting up an SSL session.
> * Failure to completely clean up after a TLS client.  This included not clearing the error stack when the TLS client thread exited, and not disposing of the SSL_CTX object when the TLS client was finished.
> 
> This patch resolves both memory leaks, and removes some sleep(2) calls in off nominal paths.
> 
> 
> This addresses bug AST-889.
>     https://issues.asterisk.org/jira/browse/AST-889
> 
> 
> Diffs
> -----
> 
>   /branches/1.8/channels/chan_sip.c 372882 
>   /branches/1.8/main/ssl.c 372882 
>   /branches/1.8/main/tcptls.c 372882 
> 
> Diff: https://reviewboard.asterisk.org/r/2105/diff
> 
> 
> Testing
> -------
> 
> Tested by Thomas Arimont extensively.
> 
> 
> Thanks,
> 
> Matt
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20120914/31a4a834/attachment.htm>

More information about the asterisk-dev mailing list