c1a0a9ad8f
This memory leak was found by running the Valgrind testing mode against
lua-resty-core's `ssl-session-fetch.t` test suite:
TEST 5: yield during doing handshake with client which uses low version OpenSSL
==16956== 64 (32 direct, 32 indirect) bytes in 1 blocks are definitely lost in loss record 5 of 15
==16956== at 0x4C2B002: malloc (vg_replace_malloc.c:298)
==16956== by 0x5FFC868: CRYPTO_malloc (mem.c:222)
==16956== by 0x5FFC96F: CRYPTO_zalloc (mem.c:230)
==16956== by 0x603C54A: OPENSSL_sk_new_reserve (stack.c:209)
==16956== by 0x603C597: OPENSSL_sk_new_null (stack.c:118)
==16956== by 0x5C94A86: sk_SSL_CIPHER_new_null (ssl.h:960)
==16956== by 0x5C94A86: bytes_to_cipher_list (ssl_lib.c:5361)
==16956== by 0x5CB52E9: tls_early_post_process_client_hello (statem_srvr.c:1713)
==16956== by 0x5CB52E9: tls_post_process_client_hello (statem_srvr.c:2231)
==16956== by 0x5CB6F39: ossl_statem_server_post_process_message (statem_srvr.c:1218)
==16956== by 0x5CA4C11: read_state_machine (statem.c:664)
==16956== by 0x5CA4C11: state_machine (statem.c:434)
==16956== by 0x5CA538A: ossl_statem_accept (statem.c:255)
==16956== by 0x5C91759: SSL_do_handshake (ssl_lib.c:3609)
==16956== by 0x45456B: ngx_ssl_handshake (ngx_event_openssl.c:1606)
==16956== by 0x4698D3: ngx_http_ssl_handshake (ngx_http_request.c:751)
==16956== by 0x44ECA8: ngx_epoll_process_events (ngx_epoll_module.c:901)
==16956== by 0x443E94: ngx_process_events_and_timers (ngx_event.c:257)
==16956== by 0x44DC25: ngx_single_process_cycle (ngx_process_cycle.c:333)
==16956== by 0x4236AB: main (nginx.c:382)
==16956==
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:CRYPTO_malloc
fun:CRYPTO_zalloc
fun:OPENSSL_sk_new_reserve
fun:OPENSSL_sk_new_null
fun:sk_SSL_CIPHER_new_null
fun:bytes_to_cipher_list
fun:tls_early_post_process_client_hello
fun:tls_post_process_client_hello
fun:ossl_statem_server_post_process_message
fun:read_state_machine
fun:state_machine
fun:ossl_statem_accept
fun:SSL_do_handshake
fun:ngx_ssl_handshake
fun:ngx_http_ssl_handshake
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
==16956== 368 (32 direct, 336 indirect) bytes in 1 blocks are definitely lost in loss record 8 of 15
==16956== at 0x4C2B002: malloc (vg_replace_malloc.c:298)
==16956== by 0x5FFC868: CRYPTO_malloc (mem.c:222)
==16956== by 0x5FFC96F: CRYPTO_zalloc (mem.c:230)
==16956== by 0x603C54A: OPENSSL_sk_new_reserve (stack.c:209)
==16956== by 0x603C597: OPENSSL_sk_new_null (stack.c:118)
==16956== by 0x5C94A79: sk_SSL_CIPHER_new_null (ssl.h:960)
==16956== by 0x5C94A79: bytes_to_cipher_list (ssl_lib.c:5360)
==16956== by 0x5CB52E9: tls_early_post_process_client_hello (statem_srvr.c:1713)
==16956== by 0x5CB52E9: tls_post_process_client_hello (statem_srvr.c:2231)
==16956== by 0x5CB6F39: ossl_statem_server_post_process_message (statem_srvr.c:1218)
==16956== by 0x5CA4C11: read_state_machine (statem.c:664)
==16956== by 0x5CA4C11: state_machine (statem.c:434)
==16956== by 0x5CA538A: ossl_statem_accept (statem.c:255)
==16956== by 0x5C91759: SSL_do_handshake (ssl_lib.c:3609)
==16956== by 0x45456B: ngx_ssl_handshake (ngx_event_openssl.c:1606)
==16956== by 0x4698D3: ngx_http_ssl_handshake (ngx_http_request.c:751)
==16956== by 0x44ECA8: ngx_epoll_process_events (ngx_epoll_module.c:901)
==16956== by 0x443E94: ngx_process_events_and_timers (ngx_event.c:257)
==16956== by 0x44DC25: ngx_single_process_cycle (ngx_process_cycle.c:333)
==16956== by 0x4236AB: main (nginx.c:382)
==16956==
{
<insert_a_suppression_name_here>
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
fun:CRYPTO_malloc
fun:CRYPTO_zalloc
fun:OPENSSL_sk_new_reserve
fun:OPENSSL_sk_new_null
fun:sk_SSL_CIPHER_new_null
fun:bytes_to_cipher_list
fun:tls_early_post_process_client_hello
fun:tls_post_process_client_hello
fun:ossl_statem_server_post_process_message
fun:read_state_machine
fun:state_machine
fun:ossl_statem_accept
fun:SSL_do_handshake
fun:ngx_ssl_handshake
fun:ngx_http_ssl_handshake
fun:ngx_epoll_process_events
fun:ngx_process_events_and_timers
fun:ngx_single_process_cycle
fun:main
}
Name
OpenResty - Turning Nginx into a Full-Fledged Scriptable Web Platform
Table of Contents
Description
OpenResty is a full-fledged web application server by bundling the standard nginx core, lots of 3rd-party nginx modules, as well as most of their external dependencies.
This bundle is maintained by Yichun Zhang (agentzh).
Because most of the nginx modules are developed by the bundle maintainers, it can ensure that all these modules are played well together.
The bundled software components are copyrighted by the respective copyright holders.
The homepage for this project is on openresty.org.
For Users
Visit the download page on the openresty.org web site
to download the latest bundle tarball, and
follow the installation instructions in the installation page.
For Bundle Maintainers
The bundle's source is at the following git repository:
https://github.com/openresty/openresty
To reproduce the bundle tarball, just do
make
at the top of the bundle source tree.
Please note that you may need to install some extra dependencies, like perl, dos2unix, and mercurial.
On Fedora 22, for example, installing the dependencies
is as simple as running the following commands:
sudo dnf install perl dos2unix mercurial
Additional Features
In additional to the standard nginx core features, this bundle also supports the following:
resolv.conf parsing
syntax: resolver address ... [valid=time] [ipv6=on|off] [local=on|off|path]
default: -
context: http, stream, server, location
Similar to the resolver directive
in standard nginx core with additional support for parsing additional resolvers from the resolv.conf file
format.
When local=on, the standard path of /etc/resolv.conf will be used. You may also specify arbitrary
path to be used for parsing, for example: local=/tmp/test.conf.
When local=off, parsing will be disabled (this is the default).
This feature is not available on Windows platforms.
Mailing List
You're very welcome to join the English OpenResty mailing list hosted on Google Groups:
https://groups.google.com/group/openresty-en
The Chinese mailing list is here:
https://groups.google.com/group/openresty
Report Bugs
You're very welcome to report issues on GitHub:
https://github.com/openresty/openresty/issues
Copyright & License
The bundle itself is licensed under the 2-clause BSD license.
Copyright (c) 2011-2019, Yichun "agentzh" Zhang (章亦春) agentzh@gmail.com, OpenResty Inc.
This module is licensed under the terms of the BSD license.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.