openssl 1.1.1 memory overuse/leak
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
[Impact]
At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error.
With libssl1.11 it now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.
The SSL_MODE_
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.
Thus such software as nginx currenty use significantly more memory compared to libssl1.0.
[Test Case]
Use 'top' to measure the memory usage by nginx with ssl configured.
Example:
No memory overuse:
ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries
https:/
2,5x memory overuse:
ii libssl1.1:amd64 1.1.1-1ubuntu2.
https:/
[Regression Potential]
Low. This particular fix is tiny (https:/
[Other Info]
The fix has been tested by nginx team and it solved the memory overuse issue.
| Alex Murray (alexmurray) wrote | #1 |
| Sergey (psvmcc-s) wrote | #2 |
| Adrien Nader (adrien) wrote | #4 |
| Changed in openssl (Ubuntu): | |
| status: | New → Fix Released |
Thanks for reporting this issue - this sounds like it might be suitable as a StableReleaseUpdate - in particular the Regressions section https:/