Memory leak in outgoing https connections

Maxim Dounin mdounin at mdounin.ru
Thu Jul 21 21:58:44 UTC 2011


Hello!

On Thu, Jul 21, 2011 at 12:44:50PM -0400, knyar wrote:

> Hi!
> 
> I believe, there is a memory leak in nginx somewhere in handling
> outgoing HTTPS connections. I am using it as a simple http-to-https
> proxy. My configuration is the following:
> 
> resolver 8.8.8.8;
> server {
>     listen   127.0.0.1:81;
>     server_name  localhost;
>     access_log  off;
>     location / {
>             proxy_pass $http_x_proxy_url;
>     }
> }
> 
> When I try to run something like:
> bash -c "while :; do curl -H 'X-Proxy-Url: https://any-https-site.tld/'
> http://localhost:81/; done"
> 
> I see nginx eating more and more memory with each request.

Thank you for report, attached patch fixes the leak.

Workaround is "proxy_ssl_session_reuse off;".

Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1311285311 -14400
# Node ID 024d5976f5410e49fcbf4fc967bb0d0a28568c0f
# Parent  9b978fa3cd3356f633d83adb05bcdf5c55dd487a
Upstream: fix memory leak with resolved peers and ssl.

As round robin peers created with ngx_http_upstream_create_round_robin_peer()
are allocated from request pool saved ssl sessions leaked on request
destruction.  Since saving sessions is useless here anyway (each peer is only
used once) - fix this by not saving sessions at all.

diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c
--- a/src/http/ngx_http_upstream_round_robin.c
+++ b/src/http/ngx_http_upstream_round_robin.c
@@ -15,6 +15,16 @@ static ngx_uint_t
 ngx_http_upstream_get_peer(ngx_http_upstream_rr_peers_t *peers);
 
 
+#if (NGX_HTTP_SSL)
+
+static ngx_int_t ngx_http_upstream_dummy_set_session(ngx_peer_connection_t *pc,
+    void *data);
+static void ngx_http_upstream_dummy_save_session(ngx_peer_connection_t *pc,
+    void *data);
+
+#endif
+
+
 ngx_int_t
 ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
     ngx_http_upstream_srv_conf_t *us)
@@ -343,10 +353,8 @@ ngx_http_upstream_create_round_robin_pee
     r->upstream->peer.free = ngx_http_upstream_free_round_robin_peer;
     r->upstream->peer.tries = rrp->peers->number;
 #if (NGX_HTTP_SSL)
-    r->upstream->peer.set_session =
-                               ngx_http_upstream_set_round_robin_peer_session;
-    r->upstream->peer.save_session =
-                               ngx_http_upstream_save_round_robin_peer_session;
+    r->upstream->peer.set_session = ngx_http_upstream_dummy_set_session;
+    r->upstream->peer.save_session = ngx_http_upstream_dummy_save_session;
 #endif
 
     return NGX_OK;
@@ -688,6 +696,20 @@ ngx_http_upstream_free_round_robin_peer(
 
 #if (NGX_HTTP_SSL)
 
+static ngx_int_t
+ngx_http_upstream_dummy_set_session(ngx_peer_connection_t *pc, void *data)
+{
+    return NGX_OK;
+}
+
+
+static void
+ngx_http_upstream_dummy_save_session(ngx_peer_connection_t *pc, void *data)
+{
+    return;
+}
+
+
 ngx_int_t
 ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
     void *data)


More information about the nginx mailing list