[squid-users] SSL bump memory leak

Amos Jeffries squid3 at treenet.co.nz
Wed Feb 24 22:37:03 UTC 2016


On 24/02/2016 11:17 p.m., Steve Hill wrote:
> On 23/02/16 21:28, Amos Jeffries wrote:
> 
>> Ah, you said "a small number" of wiki cert strings with those details. I
>> took that as meaning a small number of definitely squid generated ones
>> amidst the 130K indeterminate ones leaking.
> 
> Ah, a misunderstanding on my part - sorry.  Yes, there were 302 strings
> containing "signTrusted" (77 of them unique), all of them appear to be
> server certificates (i.e. with a CN containing a domain name), so it is
> possibly reasonable to assume that they were for in-progress sessions
> and would therefore be cleaned up.
> 
> This leaves around 131297 other subject/issuer strings (581 unique)
> which, to my mind, can't be explained by anything other than a leak
> (whether that be a "real" leak where the pointers have been discarded
> without freeing the data, or a "pseudo" leak caused by references to
> them being held forever).
> 

I agree its amost certainly a leak.

Christos and William L. have been fixed some leaks in the Squid-4 cert
generator non-caching configs recently. I'm not sure yet if its
applicable to 3.5 or not, but from the sounds of this it very well could
be the same thing.
Unfortunately the code is quite a bit different in this area now so the
patches wont directly prot. I think you had best get in touch with
Christos about this.

Amos



More information about the squid-users mailing list