[squid-users] SSL bump memory leak

Dan Charlesworth dan at getbusi.com
Wed Feb 24 22:44:51 UTC 2016


I’m just catching up with this one, but we’ve observed some memory leaks on a small percentage of our boxes, which we migrated to Peek & Splice late last year. 

We’re on 3.5.13, about to move to 3.5.15.

What’s the least disruptive way to keep this under control, if there is one?

Is there anything I can do to help get it patched?

> On 25 Feb 2016, at 9:37 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 24/02/2016 11:17 p.m., Steve Hill wrote:
>> On 23/02/16 21:28, Amos Jeffries wrote:
>> 
>>> Ah, you said "a small number" of wiki cert strings with those details. I
>>> took that as meaning a small number of definitely squid generated ones
>>> amidst the 130K indeterminate ones leaking.
>> 
>> Ah, a misunderstanding on my part - sorry.  Yes, there were 302 strings
>> containing "signTrusted" (77 of them unique), all of them appear to be
>> server certificates (i.e. with a CN containing a domain name), so it is
>> possibly reasonable to assume that they were for in-progress sessions
>> and would therefore be cleaned up.
>> 
>> This leaves around 131297 other subject/issuer strings (581 unique)
>> which, to my mind, can't be explained by anything other than a leak
>> (whether that be a "real" leak where the pointers have been discarded
>> without freeing the data, or a "pseudo" leak caused by references to
>> them being held forever).
>> 
> 
> I agree its amost certainly a leak.
> 
> Christos and William L. have been fixed some leaks in the Squid-4 cert
> generator non-caching configs recently. I'm not sure yet if its
> applicable to 3.5 or not, but from the sounds of this it very well could
> be the same thing.
> Unfortunately the code is quite a bit different in this area now so the
> patches wont directly prot. I think you had best get in touch with
> Christos about this.
> 
> Amos
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list