diff --git a/src/iocore/net/SSLConfig.cc b/src/iocore/net/SSLConfig.cc
index 6aaf8c2374b..bbf80592399 100644
--- a/src/iocore/net/SSLConfig.cc
+++ b/src/iocore/net/SSLConfig.cc
@@ -453,7 +453,7 @@ SSLConfigParams::initialize()
 SSLConfigParams::origin_session_cache = ssl_origin_session_cache;
 SSLConfigParams::origin_session_cache_size = ssl_origin_session_cache_size;
- if (ssl_origin_session_cache == 1 && ssl_origin_session_cache_size > 0) {
+ if (ssl_origin_session_cache == 1 && ssl_origin_session_cache_size > 0 && origin_sess_cache == nullptr) {
 origin_sess_cache = new SSLOriginSessionCache();
 }
@@ -472,6 +472,7 @@ SSLConfigParams::initialize()
 set_paths_helper(ssl_ocsp_response_path, nullptr, &ssl_ocsp_response_path_only, nullptr);
 }
 if (auto rec_str{RecGetRecordStringAlloc("proxy.config.http.request_via_str")}; rec_str) {
+ ats_free(ssl_ocsp_user_agent);
 ssl_ocsp_user_agent = ats_stringdup(rec_str);
 }
@@ -861,6 +862,11 @@ SSLTicketParams::cleanup()
 void
 cleanup_bio(BIO *&biop)
 {
+ // BIO_new_mem_buf sets BIO_FLAGS_MEM_RDONLY which prevents BIO_free from
+ // cleaning up internal BUF_MEM structures. Clear this flag so BIO_free
+ // properly releases them. BIO_NOCLOSE ensures the external data buffer
+ // (owned by the caller's std::string) is not freed.
+ BIO_clear_flags(biop, BIO_FLAGS_MEM_RDONLY);
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wunused-value"
 BIO_set_close(biop, BIO_NOCLOSE);
diff --git a/src/iocore/net/SSLSessionCache.cc b/src/iocore/net/SSLSessionCache.cc
index 9f6c52fa949..2a68f268683 100644
--- a/src/iocore/net/SSLSessionCache.cc
+++ b/src/iocore/net/SSLSessionCache.cc
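Review bot: The added `origin_sess_cache == nullptr` test in SSLConfigParams::initialize() (SSLConfig.cc, hunk at -453) means a cache created by an earlier load is never released or emptied when a later load sets `ssl_origin_session_cache` to 0 or the size to 0. The retained object still holds origin TLS session state, so whether resumption really stops after such a reload depends on every lookup path checking `SSLConfigParams::origin_session_cache`, which is not visible here. The check followed by `new` is also unsynchronized; if initialize() can only run from one reconfiguration thread at a time, say so next to the test, for example `// origin_sess_cache is created once and reused across reloads; initialize() must not run concurrently`. initialize() begins and ends outside the hunk.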
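Review bot: `ats_free(ssl_ocsp_user_agent)` in SSLConfigParams::initialize() (SSLConfig.cc, hunk at -472) is only correct if the member is null or an owned ats allocation on every path into this function, and the hunk does not show where it is first set. If initialize() can run on an object that already holds values, the other members this function fills with `ats_stringdup` presumably leak the same way and should be handled in the same commit. The free also sits inside the `if`, so when the record is missing the previous string stays in place; moving `ats_free(ssl_ocsp_user_agent); ssl_ocsp_user_agent = nullptr;` ahead of the `if` would avoid a stale value, if a null user agent is acceptable to the OCSP code.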
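Review bot: `BIO_clear_flags(biop, BIO_FLAGS_MEM_RDONLY)` in cleanup_bio() (SSLConfig.cc, hunk at -861) dereferences `biop` directly, so the function now faults on a null BIO, whereas the `BIO_set_close` call after it goes through BIO_ctrl, which as far as I know tolerates one. The callers are outside the hunk; if any of them can reach cleanup_bio() after a failed `BIO_new_mem_buf`, add `if (biop == nullptr) { return; }` as the first statement. Clearing the read-only flag also leaves `BIO_NOCLOSE` as the only thing keeping BIO_free away from the caller's std::string buffer. The new comment should therefore state that the `BIO_set_close` call must stay ahead of the free, and that this relies on memory-BIO internals which can differ between TLS libraries and versions. The function body continues past the hunk.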
@@ -43,7 +43,13 @@ SSLSessDeleter(SSL_SESSION *_p)
 SSLOriginSessionCache::SSLOriginSessionCache() {}
-SSLOriginSessionCache::~SSLOriginSessionCache() {}
+SSLOriginSessionCache::~SSLOriginSessionCache()
+{
+ while (auto *node = orig_sess_que.pop()) {
+ delete node;
+ }
+ orig_sess_map.clear();
+}
 void
 SSLOriginSessionCache::insert_session(const std::string &lookup_key, SSL_SESSION *sess, SSL *ssl)
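Review bot: The new destructor drains `orig_sess_que` and clears `orig_sess_map` without taking whatever lock insert_session() and the lookup path use (not visible in this hunk), so it is only safe once no thread can still reach the cache. The cache pointer assigned in SSLConfigParams::initialize() looks process-wide, so state that precondition above the destructor, for example `// Caller must guarantee no concurrent insert_session() or lookup; nodes are owned by orig_sess_que`. If `orig_sess_map` stores pointers to those nodes, they dangle between the `delete` loop and `clear()`; that is harmless as long as clearing never touches the pointees, but calling `orig_sess_map.clear()` before the loop would remove the question.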