diff options
author | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-09-24 20:37:20 +0000 |
---|---|---|
committer | dvossel <dvossel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-09-24 20:37:20 +0000 |
commit | 3f2a26dd7baf3f697d70d04c53feb6f85fb291b3 (patch) | |
tree | 492537a40a2967776a5434ba6342a4ea7794a71a /main/tcptls.c | |
parent | 4e9238c881531d905e5ccdbdd48e351d76f8a0cf (diff) |
fixes tcptls_session memory leak caused by ref count error
(closes issue #15939)
Reported by: dvossel
Review: https://reviewboard.asterisk.org/r/375/
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@220365 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/tcptls.c')
-rw-r--r-- | main/tcptls.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/main/tcptls.c b/main/tcptls.c index e51d7a208..e92209b3c 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -122,6 +122,8 @@ static void session_instance_destructor(void *obj) * creates a FILE * from the fd passed by the accept thread. * This operation is potentially expensive (certificate verification), * so we do it in the child thread context. +* +* \note must decrement ref count before returning NULL on error */ static void *handle_tls_connection(void *data) { @@ -196,6 +198,7 @@ static void *handle_tls_connection(void *data) if (peer) X509_free(peer); fclose(tcptls_session->f); + ao2_ref(tcptls_session, -1); return NULL; } } @@ -262,6 +265,7 @@ void *ast_tcptls_server_root(void *data) tcptls_session->client = 0; + /* This thread is now the only place that controls the single ref to tcptls_session */ if (ast_pthread_create_detached_background(&launched, NULL, handle_tls_connection, tcptls_session)) { ast_log(LOG_WARNING, "Unable to launch helper thread: %s\n", strerror(errno)); close(tcptls_session->fd); @@ -418,8 +422,9 @@ struct ast_tcptls_session_instance *ast_tcptls_client_start(struct ast_tcptls_se __ssl_setup(desc->tls_cfg, 1); } - ao2_ref(tcptls_session, +1); - if (!handle_tls_connection(tcptls_session)) + /* handle_tls_connection controls the single ref to tcptls_session. If + * tcptls_session returns NULL then the session has been destroyed */ + if (!(tcptls_session = handle_tls_connection(tcptls_session))) goto error; return tcptls_session; |