-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL-QUIC: memory leak when downgrading from HTTP/3 #14720
Comments
When a OpenSSL quic connection filter is aborted early, as the server was not responding, the ssl instances where not closed as they should. refs curl#14720
Thanks for the nice report and the fix. I have applied it in #14724. |
Thanks for the fast feedback! Unfortunately, I just noticed that my initial fix caused an AV with a HTTP/3 connection. This one fixes the downgrade leak without the AV. Maybe it is a better option? lib/connect.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/connect.c b/lib/connect.c
index 9b68f15da5..13dad4c57a 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -490,6 +490,7 @@ static void baller_close(struct eyeballer *baller,
struct Curl_easy *data)
{
if(baller && baller->cf) {
+ baller->cf->cft->do_close(baller->cf, data);
Curl_conn_cf_discard_chain(&baller->cf, data);
}
} |
I added to the PR that the close only happens when the SSL* has been initialized. I think it is safer that "destroy" of the filter always cleans up, so callers should not worry. |
For the record: Your additional cleanup conditional in a2baa2b also fixes the AV. |
I did this
This minimum code generates a memory leak:
It is important that the server does not run HTTP/3 to force curl to downgrade. Without the downgrade (that said, no CURL_HTTP_VERSION_3), there is no leak.
The leak was introduced in cb17c06.
This patch fixes the leak, but I did not otherwise test for correctness or unwanted side effects.
I expected the following
No memory leak.
curl/libcurl version
GIT master as of today, Aug 28, 2024.
operating system
Windows 11 and OpenSSL 3.3.1.
The text was updated successfully, but these errors were encountered: