user/5073: httpd/ssl leaks file descriptors

Darrin Chandler-3
>Number:         5073
>Category:       user
>Synopsis:       httpd/ssl leaks file descriptors
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 10 16:40:02 GMT 2006
>Originator:     Darrin Chandler
>Release:        OPENBSD_3_8
        System      : OpenBSD 3.8-stable
        Architecture: any
        Machine     : any
        httpd w/ssl leaks file descriptors when a session is not found
        in the scache dbm (new or expired session). Eventually httpd will
        give "Access denied / too many open files" errors to clients.
        Browse any https page with a refresh of 300+ seconds (mrtg, etc.)
        and use 'fstat /var/www/logs/ssl_scache.db' and watch it grow over
When the file is open then close it before returning!

I tested this patch against 3.8-stable on i386 and sparc64. I have not tested
with current but the patch applies cleanly (with -5 offset).

--- ssl_scache_dbm.c    Sun Feb 13 08:14:56 2005
+++        Sun Apr  9 09:17:47 2006
@@ -235,14 +235,18 @@
     /* immediately return if not found */
-    if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t))
+    if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
+        ssl_dbm_close(dbm);
         return NULL;
+    }
     /* parse resulting data */
     nData = dbmval.dsize-sizeof(time_t);
     ucpData = (UCHAR *)malloc(nData);
-    if (ucpData == NULL)
+    if (ucpData == NULL) {
+        ssl_dbm_close(dbm);
         return NULL;
+    }
     memcpy(ucpData, (char *)dbmval.dptr+sizeof(time_t), nData);
     memcpy(&expiry, dbmval.dptr, sizeof(time_t));
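
Review bot: the two early returns in this hunk (the `dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)` check and the `ucpData == NULL` check) each get their own copy of `ssl_dbm_close(dbm)`, which closes the leak but duplicates the cleanup. Routing both through a single exit path that closes `dbm` and returns NULL would keep a later early return added between the fetch and the `memcpy` calls from reintroducing the same descriptor leak. The `+++` header also carries no filename, so anyone applying this has to name `ssl_scache_dbm.c` to patch explicitly.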