[apache2] 03/05: Fix mod_ssl memory leak

Stefan Fritsch sf at moszumanska.debian.org
Tue Nov 18 14:31:05 UTC 2014 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 1cc103cf25f223071a6be87dbe4a87c3d6a3e7e0
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Tue Nov 18 14:53:46 2014 +0100

    Fix mod_ssl memory leak
---
 debian/changelog                    |  1 +
 debian/patches/mod_ssl_memleak.diff | 21 +++++++++++++++++++++
 debian/patches/series               |  1 +
 3 files changed, 23 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 0bcd831..5fbce09 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ apache2 (2.4.10-8) UNRELEASED; urgency=medium
     script. (CVE-2014-3583). Fix similar bug in mod_authnz_fcgi even
     though it does not seem to be exploitable.
   * mpm_event: Fix use-after-free that may lead to a server crash.
+  * mod_ssl: Fix memory leak on graceful restart. Closes: #754492
 
  -- Stefan Fritsch <sf at debian.org>  Mon, 17 Nov 2014 00:38:07 +0100
 
diff --git a/debian/patches/mod_ssl_memleak.diff b/debian/patches/mod_ssl_memleak.diff
new file mode 100644
index 0000000..888d3c4
--- /dev/null
+++ b/debian/patches/mod_ssl_memleak.diff
@@ -0,0 +1,21 @@
+# http://svn.apache.org/viewvc?view=revision&revision=1638772
+#
+# * mod_ssl: call ERR_free_strings() with OpenSSL >= 0.9.8e.
+#   Fixes memory leak in mod_ssl on graceful restart. PR 53435.
+--- apache2.orig/modules/ssl/mod_ssl.c
++++ apache2/modules/ssl/mod_ssl.c
+@@ -299,9 +299,12 @@ static apr_status_t ssl_cleanup_pre_conf
+ #endif
+     ERR_remove_state(0);
+ 
+-    /* Don't call ERR_free_strings here; ERR_load_*_strings only
+-     * actually load the error strings once per process due to static
++    /* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only
++     * actually loaded the error strings once per process due to static
+      * variable abuse in OpenSSL. */
++#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
++    ERR_free_strings();
++#endif
+ 
+     /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+      * ex_data indices may have been cached in static variables in
diff --git a/debian/patches/series b/debian/patches/series
index 434fcee..eaab7ca 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ pull_upstream_2.4.x_branch.patch
 #suexec-custom.patch
 CVE-2014-3583_mod_proxy_fcgi.diff
 mpm_event_use_after_free.diff
+mod_ssl_memleak.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list