openssl 1.1.1 memory overuse/leak
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Impact]
At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error.
With libssl1.11 it now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.
The SSL_MODE_
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.
Thus such software as nginx currenty use significantly more memory compared to libssl1.0.
[Test Case]
Use 'top' to measure the memory usage by nginx with ssl configured.
Example:
No memory overuse:
ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries
https:/
2,5x memory overuse:
ii libssl1.1:amd64 1.1.1-1ubuntu2.
https:/
[Regression Potential]
Low. This particular fix is tiny (https:/
[Other Info]
The fix has been tested by nginx team and it solved the memory overuse issue.
Thanks for reporting this issue - this sounds like it might be suitable as a StableReleaseUpdate - in particular the Regressions section https:/ /wiki.ubuntu. com/StableRelea seUpdates# Regressions sounds relevant in this case. Could you please adapt this bug report following the template in https:/ /wiki.ubuntu. com/StableRelea seUpdates# Procedure?