summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRainer Gerhards <rgerhards@adiscon.com>2011-06-14 12:52:02 +0200
committerRainer Gerhards <rgerhards@adiscon.com>2011-06-14 12:52:02 +0200
commitbcd956d4d500040808b920e468529da94a1e33c8 (patch)
tree30dc8ac23c848c69a9e06173b0ace544a2c93ac7
parentf847c2dda32488034f252e3bbd1a267714b99ff0 (diff)
downloadrsyslog-bcd956d4d500040808b920e468529da94a1e33c8.tar.gz
rsyslog-bcd956d4d500040808b920e468529da94a1e33c8.tar.xz
rsyslog-bcd956d4d500040808b920e468529da94a1e33c8.zip
bugfix: memory leak in imtcp & subsystems under some circumstances
This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6, limited testing under v4]
-rw-r--r--ChangeLog3
-rw-r--r--runtime/nsd_gtls.c3
-rw-r--r--tcpsrv.c10
3 files changed, 12 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 9bc775a4..39a66f5d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
---------------------------------------------------------------------------
Version 4.6.6 [v4-stable] (rgerhards), 2010-11-??
+- bugfix: memory leak in imtcp & subsystems under some circumstances
+ This leak is tied to error conditions which lead to incorrect cleanup
+ of some data structures. [backport from v6, limited testing under v4]
- bugfix: invalid processing in QUEUE_FULL condition
If the the multi-submit interface was used and a QUEUE_FULL condition
occured, the failed message was properly destructed. However, the
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index fb2e219d..e1dcf870 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -1118,6 +1118,7 @@ gtlsEndSess(nsd_gtls_t *pThis)
}
}
gnutls_deinit(pThis->sess);
+ pThis->bHaveSess = 0;
}
RETiRet;
}
@@ -1171,6 +1172,8 @@ CODESTARTobjDestruct(nsd_gtls)
gnutls_x509_crt_deinit(pThis->ourCert);
if(pThis->bOurKeyIsInit)
gnutls_x509_privkey_deinit(pThis->ourKey);
+ if(pThis->bHaveSess)
+ gnutls_deinit(pThis->sess);
ENDobjDestruct(nsd_gtls)
diff --git a/tcpsrv.c b/tcpsrv.c
index 0581828e..8c992f79 100644
--- a/tcpsrv.c
+++ b/tcpsrv.c
@@ -477,7 +477,7 @@ Run(tcpsrv_t *pThis)
int iTCPSess;
int bIsReady;
tcps_sess_t *pNewSess;
- nssel_t *pSel;
+ nssel_t *pSel = NULL;
ssize_t iRcvd;
ISOBJ_TYPE_assert(pThis, tcpsrv);
@@ -521,8 +521,8 @@ Run(tcpsrv_t *pThis)
/* now check the sessions */
iTCPSess = TCPSessGetNxtSess(pThis, -1);
while(nfds && iTCPSess != -1) {
- CHKiRet(nssel.IsReady(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD, &bIsReady, &nfds));
- if(bIsReady) {
+ localRet = nssel.IsReady(pSel, pThis->pSessions[iTCPSess]->pStrm, NSDSEL_RD, &bIsReady, &nfds);
+ if(bIsReady || localRet != RS_RET_OK) {
char buf[128*1024]; /* reception buffer - may hold a partial or multiple messages */
dbgprintf("netstream %p with new data\n", pThis->pSessions[iTCPSess]->pStrm);
@@ -576,7 +576,9 @@ finalize_it: /* this is a very special case - this time only we do not exit the
* crashed, which made sense (the rest of the engine was not prepared for
* that) -- rgerhards, 2008-05-19
*/
- /*EMPTY*/;
+ if(pSel != NULL) { /* cleanup missing? happens during err exit! */
+ nssel.Destruct(&pSel);
+ }
}
/* note that this point is usually not reached */