[PATCH] Upstream: fix memory leak with resolved peers and ssl

Maxim Dounin mdounin at mdounin.ru
Tue Jul 26 21:23:04 UTC 2011


Hello!

On Tue, Jul 26, 2011 at 09:37:25PM +0200, Srebrenko Šehić wrote:

> On Fri, Jul 22, 2011 at 4:07 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> > Upstream: fix memory leak with resolved peers and ssl.
> >
> > As round robin peers created with ngx_http_upstream_create_round_robin_peer()
> > are allocated from request pool saved ssl sessions leaked on request
> > destruction.  Since saving sessions is useless here anyway (each peer is only
> > used once) - fix this by not saving sessions at all.
> 
> Is this only relevant for http -> https (where the backend protocol is
> SSL) or is this bug triggered as soon as you have SSL towards the
> backend?

This is triggered as long as you use an https backend (the original 
protocol with the client doesn't matter) and the peer is dynamically 
created (i.e. you use proxy_pass with variables, and the resulting 
hostname doesn't match existing upstream{} blocks).

That is, the following is safe:

    proxy_pass https://backend;

but this will leak:

    proxy_pass https://127.0.0.1$request_uri;

and require explicit

    proxy_ssl_session_reuse off;

as a workaround (till the upcoming 1.1.0; the patch was already 
committed to trunk).

Maxim Dounin
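
As an added example (not part of the original message and not nginx code), the following Python check scans a configuration for the pattern described above: an https proxy_pass that contains a variable, with no "proxy_ssl_session_reuse off" in effect in the same or an enclosing block. It cannot tell whether the resolved hostname matches an upstream{} block, so on versions before the fix its hits are candidates to review. The function names and sample configuration are constructed, and "#" comments and quoted strings are handled only naively.

```python
import re

# Word tokens may contain "${var}"; bare braces and ";" are structural.
TOKEN = re.compile(r'[{};]|(?:\$\{[^}]*\}|[^\s{};])+')
WATCHED = ('proxy_pass', 'proxy_ssl_session_reuse')

# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
server {
    location /a { proxy_pass https://backend; }
    location /b { proxy_pass https://127.0.0.1$request_uri; }
    location /c {
        proxy_pass https://127.0.0.1$request_uri;
        proxy_ssl_session_reuse off;
    }
}
"""

def session_reuse(block):
    # Nearest enclosing explicit setting wins; nginx defaults to "on".
    while block is not None:
        if 'proxy_ssl_session_reuse' in block:
            return block['proxy_ssl_session_reuse'][1]
        block = block['parent']
    return 'on'

def find_leaky_proxy_pass(conf):
    """Return [(line, url)] for https proxy_pass with variables and session reuse on."""
    root = cur = {'parent': None}
    blocks, words = [root], []
    for lineno, line in enumerate(conf.splitlines(), 1):
        for tok in TOKEN.findall(line.split('#', 1)[0]):
            if tok not in ('{', '}', ';'):
                words.append(tok)
                continue
            if tok == '{':
                cur = {'parent': cur}
                blocks.append(cur)
            elif tok == '}':
                cur = cur['parent'] or root
            elif len(words) == 2 and words[0] in WATCHED:
                cur[words[0]] = (lineno, words[1])
            words = []
    hits = [b['proxy_pass'] for b in blocks if 'proxy_pass' in b
            and session_reuse(b) != 'off']
    return [(n, u) for n, u in hits if u.startswith('https://') and '$' in u]

if __name__ == "__main__":
    print(find_leaky_proxy_pass(SAMPLE))
```

The setting is resolved after the whole file is parsed, so a "proxy_ssl_session_reuse off" placed after the proxy_pass line, or at server level, still counts.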


