kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-03 03:20:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolve memory leaks in TLS initialization and TLS client connections

Browse Source 
This patch resolves two sources of memory leaks when using TLS in Asterisk:
1) It removes improper initialization (and multiple re-initializations) of
   portions of the SSL library.  Asterisk calls SSL_library_init and
   SSL_load_error_strings during SSL initialization; collectively this
   obviates the need for calling any of the following during initialization
   or client connection handling:
   * ERR_load_crypto_strings (handled by SSL_load_error_strings)
   * OpenSSL_add_all_algorithms (synonym for SSL_library_init)
   * SSLeay_add_ssl_algorithms (synonym for SSL_library_init)
2) Failure to completely clean up all memory allocated by Asterisk and by
   the SSL library for TLS clients.  This included not freeing the SSL_CTX
   object in the SIP channel driver, as well as not clearing the error
   stack when the TLS client exited.

Note that these memory leaks were found by Thomas Arimont, and this patch
was essentially written by him with some minor tweaks.

(closes issue AST-889)
Reported by: Thomas Arimont
Tested by: Thomas Arimont
patches:
  (bugAST-889.patch) by Thomas Arimont (license 5525)

Review: https://reviewboard.asterisk.org/r/2105
........

Merged revisions 373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 373062 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 373079 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373080 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Matthew Jordan
2012-09-14 19:53:43 +00:00
parent f97510b730
commit f92bb6265c
3 changed files with 9 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
main/libasteriskssl.c
View File

@@ -158,7 +158,6 @@ int ast_ssl_init(void)
void (*real_CRYPTO_set_locking_callback)(void (*)(int, int, const char *, int));
void (*real_SSL_load_error_strings)(void);
void (*real_ERR_load_SSL_strings)(void);
void (*real_ERR_load_crypto_strings)(void);
void (*real_ERR_load_BIO_strings)(void);
const char *errstr;
@@ -220,17 +219,9 @@ int ast_ssl_init(void)
get_OpenSSL_function(ERR_load_SSL_strings);
real_ERR_load_SSL_strings();
get_OpenSSL_function(ERR_load_crypto_strings);
real_ERR_load_crypto_strings();
get_OpenSSL_function(ERR_load_BIO_strings);
real_ERR_load_BIO_strings();
#if 0
/* currently this is just another call to SSL_library_init, so we don't call it */
OpenSSL_add_all_algorithms();
#endif
startup_complete = 1;
#endif /* HAVE_OPENSSL */