summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-11-23 12:02:26 +0100
committerHeiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>2016-11-23 14:17:41 +0100
commited62aae3051c9a713d35c8ae516fbd193d1401ba (patch)
treedb525f2dd8e20cf0cd93a03cdda3002ff7cd28b3
parentf57231095d00c7875a2b028e07855f6374abd5cc (diff)
Fix memory leak on (Gnu)TLS close.
This leak doesn't show up under normal operation, as the process normally dies right after closing the session. But during callout repetitive TLS sessions are opened and closed from the same process (the process receiving the message). Depending on the amount of RAM and the number of callouts the same process does, this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000 recipients the memory is exhausted.)
-rw-r--r--src/src/tls-gnu.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 0dead1c18..10bfaca32 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1836,6 +1836,7 @@ if (rc != GNUTLS_E_SUCCESS)
tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL);
(void) gnutls_alert_send_appropriate(state->session, rc);
gnutls_deinit(state->session);
+ gnutls_certificate_free_credentials(state->x509_cred);
millisleep(500);
shutdown(state->fd_out, SHUT_WR);
for (rc = 1024; fgetc(smtp_in) != EOF && rc > 0; ) rc--; /* drain skt */
@@ -2130,6 +2131,8 @@ if (shutdown)
}
gnutls_deinit(state->session);
+gnutls_certificate_free_credentials(state->x509_cred);
+
state->tlsp->active = -1;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
@@ -2199,6 +2202,8 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
receive_smtp_buffered = smtp_buffered;
gnutls_deinit(state->session);
+ gnutls_certificate_free_credentials(state->x509_cred);
+
state->session = NULL;
state->tlsp->active = -1;
state->tlsp->bits = 0;