[apache2] 03/05: Fix mod_ssl memory leak
Stefan Fritsch
sf at moszumanska.debian.org
Tue Nov 18 14:31:05 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit 1cc103cf25f223071a6be87dbe4a87c3d6a3e7e0
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Tue Nov 18 14:53:46 2014 +0100
Fix mod_ssl memory leak
---
debian/changelog | 1 +
debian/patches/mod_ssl_memleak.diff | 21 +++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 23 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 0bcd831..5fbce09 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ apache2 (2.4.10-8) UNRELEASED; urgency=medium
script. (CVE-2014-3583). Fix similar bug in mod_authnz_fcgi even
though it does not seem to be exploitable.
* mpm_event: Fix use-after-free that may lead to a server crash.
+ * mod_ssl: Fix memory leak on graceful restart. Closes: #754492
-- Stefan Fritsch <sf at debian.org> Mon, 17 Nov 2014 00:38:07 +0100
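Review bot: The new changelog entry for mod_ssl names only the Debian bug (Closes: #754492) and not the upstream origin of the fix. The patch header added in this same commit cites upstream revision 1638772 and PR 53435; repeating one of those in the entry would let a reader of the changelog trace the fix upstream without opening debian/patches/mod_ssl_memleak.diff.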
diff --git a/debian/patches/mod_ssl_memleak.diff b/debian/patches/mod_ssl_memleak.diff
new file mode 100644
index 0000000..888d3c4
--- /dev/null
+++ b/debian/patches/mod_ssl_memleak.diff
@@ -0,0 +1,21 @@
+# http://svn.apache.org/viewvc?view=revision&revision=1638772
+#
+# * mod_ssl: call ERR_free_strings() with OpenSSL >= 0.9.8e.
+# Fixes memory leak in mod_ssl on graceful restart. PR 53435.
+--- apache2.orig/modules/ssl/mod_ssl.c
++++ apache2/modules/ssl/mod_ssl.c
+@@ -299,9 +299,12 @@ static apr_status_t ssl_cleanup_pre_conf
+ #endif
+ ERR_remove_state(0);
+
+- /* Don't call ERR_free_strings here; ERR_load_*_strings only
+- * actually load the error strings once per process due to static
++ /* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only
++ * actually loaded the error strings once per process due to static
+ * variable abuse in OpenSSL. */
++#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
++ ERR_free_strings();
++#endif
+
+ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+ * ex_data indices may have been cached in static variables in
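Review bot: The version literal in the added guard, "#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)", is written with nine hex digits, which is easy to misread against OpenSSL's eight-digit version encoding. It evaluates to the same value as 0x0090805f, which is 0.9.8e and so matches the ">= 0.9.8e" stated in the patch header, but writing it in the eight-digit form would make that obvious at a glance. Separately, the reworded comment still opens with "Don't call ERR_free_strings" directly above a call to ERR_free_strings(); stating in the comment that the call is made from 0.9.8e onward and skipped before that would match what the #if does.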
diff --git a/debian/patches/series b/debian/patches/series
index 434fcee..eaab7ca 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ pull_upstream_2.4.x_branch.patch
#suexec-custom.patch
CVE-2014-3583_mod_proxy_fcgi.diff
mpm_event_use_after_free.diff
+mod_ssl_memleak.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git