From 99b90af6213809a018e89988d7139f7048e97208 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Wed, 3 Jan 2018 19:15:51 +0100 Subject: [PATCH] BUG/MEDIUM: ssl: cache doesn't release shctx blocks Since the rework of the shctx with the hot list system, the ssl cache was putting session inside the hot list, without removing them. Once all block were used, they were all locked in the hot list, which was forbiding to reuse them for new sessions. Bug introduced by 4f45bb9 ("MEDIUM: shctx: separate ssl and shctx") Thanks to Jeffrey J. Persch for reporting this bug. Must be backported to 1.8. --- src/ssl_sock.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 163b6a13f..aecf3ddb7 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3849,8 +3849,12 @@ static int sh_ssl_sess_store(unsigned char *s_id, unsigned char *data, int data_ first->len = sizeof(struct sh_ssl_sess_hdr); } - if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) + if (shctx_row_data_append(ssl_shctx, first, data, data_len) < 0) { + shctx_row_dec_hot(ssl_shctx, first); return 0; + } + + shctx_row_dec_hot(ssl_shctx, first); return 1; }