From ff54771cd1573793429d4f5970628b7b9bba7f21 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Wed, 23 Nov 2016 08:48:09 +0200 Subject: [PATCH] Store old server SSL configurations If the SSL configuration of a server was altered successfully, it would overwrite an existing configuration leading to a true memory leak. Converting the SSL_LISTENER structure to a list allows it to store the old configurations without leaking the memory. This has no functional benefits apart from storing references which could aid in debugging. In the future, the discarded configurations could be freed once all connections that use it are closed. --- include/maxscale/config_runtime.h | 4 +++- include/maxscale/gw_ssl.h | 1 + server/core/config_runtime.c | 6 ++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/include/maxscale/config_runtime.h b/include/maxscale/config_runtime.h index acb56bba8..cc29f775c 100644 --- a/include/maxscale/config_runtime.h +++ b/include/maxscale/config_runtime.h @@ -96,6 +96,8 @@ bool runtime_alter_server(SERVER *server, char *key, char *value); * The @c key , @c cert and @c ca parameters are required. @c version and @c depth * are optional. * + * @note SSL cannot be disabled at runtime. + * * @param server Server to configure * @param key Path to SSL private key * @param cert Path to SSL public certificate @@ -110,7 +112,7 @@ bool runtime_enable_server_ssl(SERVER *server, const char *key, const char *cert /** * @brief Alter monitor parameters * - * @param monitor Monitor to aler + * @param monitor Monitor to alter * @param key Key to modify * @param value New value * @return True if @c key was one of the supported parameters diff --git a/include/maxscale/gw_ssl.h b/include/maxscale/gw_ssl.h index d15733e79..db6be67c1 100644 --- a/include/maxscale/gw_ssl.h +++ b/include/maxscale/gw_ssl.h @@ -71,6 +71,7 @@ typedef struct ssl_listener char *ssl_key; /*< SSL private key */ char *ssl_ca_cert; /*< SSL CA certificate */ bool ssl_init_done; /*< If SSL has already been initialized for this service */ + struct ssl_listener *next; /*< Next SSL configuration, currently used to store obsolete configurations */ } SSL_LISTENER; int ssl_authenticate_client(struct dcb *dcb, bool is_capable); diff --git a/server/core/config_runtime.c b/server/core/config_runtime.c index 854be86be..5858a13b6 100644 --- a/server/core/config_runtime.c +++ b/server/core/config_runtime.c @@ -211,6 +211,12 @@ bool runtime_enable_server_ssl(SERVER *server, const char *key, const char *cert if (err == 0 && ssl && listener_init_SSL(ssl) == 0) { + /** TODO: Properly discard old SSL configurations + * + * This could cause the loss of a pointer if two update + * operations are done at the same time.*/ + ssl->next = server->server_ssl; + /** Sync to prevent reads on partially initialized server_ssl */ atomic_synchronize();