author | Andreas Nilsson <andreas.nilsson@10gen.com> | 2013-06-28 14:17:42 +0100 |
---|---|---|
committer | Dan Pasette <dan@10gen.com> | 2013-07-12 13:34:51 -0400 |
commit | d9a15614c71fbf4ee8ad457330b793b16f2336bc (patch) | |
tree | 16d274a114c7ea41a60e4a8c73e4d52f99808d78 | |
parent | 35f6d48c1f3117f2191407dcfb1121da280c59c1 (diff) | |
download | mongo-d9a15614c71fbf4ee8ad457330b793b16f2336bc.tar.gz |
SERVER-10040 Fixed SSL memory leak for failed connects and accepts
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index dadc6b66f1b..83ecd5923da 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -298,17 +298,21 @@ namespace mongo {
 }
 SSL* SSLManager::connect(int fd) {
 SSL* ssl = _secure(fd);
+ ScopeGuard guard = MakeGuard(::SSL_free, ssl);
 int ret = _ssl_connect(ssl);
 if (ret != 1)
 _handleSSLError(SSL_get_error(ssl, ret));
+ guard.Dismiss();
 return ssl;
 }
 SSL* SSLManager::accept(int fd) {
 SSL* ssl = _secure(fd);
+ ScopeGuard guard = MakeGuard(::SSL_free, ssl);
 int ret = SSL_accept(ssl);
 if (ret != 1)
 _handleSSLError(SSL_get_error(ssl, ret));
+ guard.Dismiss();
 return ssl;
 }
@@ -362,35 +366,32 @@ namespace mongo {
 // accepts the socket connection but fails to do the SSL handshake in a timely
 // manner.
 error() << "SSL error: " << code << ", possibly timed out during connect" << endl;
- throw SocketException(SocketException::CONNECT_ERROR, "");
 break;
 case SSL_ERROR_SYSCALL:
 if (code < 0) {
 error() << "socket error: " << errnoWithDescription() << endl;
- throw SocketException(SocketException::CONNECT_ERROR, "");
 }
- error() << "could not negotiate SSL connection: EOF detected" << endl;
- throw SocketException(SocketException::CONNECT_ERROR, "");
+ else {
+ error() << "could not negotiate SSL connection: EOF detected" << endl;
+ }
 break;
 case SSL_ERROR_SSL: {
 int ret = ERR_get_error();
 error() << _getSSLErrorMessage(ret) << endl;
- throw SocketException(SocketException::CONNECT_ERROR, "");
 break;
 }
 case SSL_ERROR_ZERO_RETURN:
 error() << "could not negotiate SSL connection: EOF detected" << endl;
- throw SocketException(SocketException::CONNECT_ERROR, "");
 break;
 default:
 error() << "unrecognized SSL error" << endl;
- throw SocketException(SocketException::CONNECT_ERROR, "");
 break;
 }
+ throw SocketException(SocketException::CONNECT_ERROR, "");
 }
 }
|
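Review bot: Nothing in connect() or accept() records that `_handleSSLError` never returns, and both the new guard and the handshake check depend on it. If that helper ever returned for some error code, `guard.Dismiss()` would run and an `SSL*` whose handshake did not complete would be handed back as a usable connection. A comment on the call in both functions, such as `// _handleSSLError always throws; the guard frees ssl during unwinding`, would pin the invariant for the next maintainer. The guard releases only the SSL object; who closes `fd` after a failed handshake is decided outside this hunk and is worth stating in the function comment too.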
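Review bot: The new `if (code < 0) … else …` under `case SSL_ERROR_SYSCALL:` appears to test the value the switch has already matched, so the `socket error:` branch with `errnoWithDescription()` would never run and every syscall-level failure is logged as `EOF detected`. The switch header is outside the hunk, so this assumes `code` is the `SSL_get_error()` result that connect() and accept() pass in. OpenSSL distinguishes the two cases by the handshake return value rather than the error code, so the helper would need that value as well, e.g. `_handleSSLError(SSL_get_error(ssl, ret), ret)` with `if (ret < 0)` here. Losing the errno text makes a reset or timed-out peer indistinguishable from a clean EOF when triaging failed TLS connects.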