debian/patches/94_Fix-memory-leak-on-Gnu-TLS-close.patch

   1 From 867e8fe25dbfb1e31493488ad695bde55b890397 Mon Sep 17 00:00:00 2001
   2 From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
   3 Date: Wed, 23 Nov 2016 12:02:26 +0100
   4 Subject: [PATCH] Fix memory leak on (Gnu)TLS close.
   5
   6 This leak doesn't show up under normal operation, as the process
   7 normally dies right after closing the session.
   8
   9 But during callout repetitive TLS sessions are opened and closed from
  10 the same process (the process receiving the message). Depending on
  11 the amount of RAM and the number of callouts the same process does,
  12 this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000
  13 recipients the memory is exhausted.)
  14
  15 (cherry picked from commit ed62aae3051c9a713d35c8ae516fbd193d1401ba)
  16 ---
  17  src/tls-gnu.c | 5 +++++
  18  1 file changed, 5 insertions(+)
  19
  20 diff --git a/src/tls-gnu.c b/src/tls-gnu.c
  21 index 61ed0e81..670f8cbc 100644
  22 --- a/src/tls-gnu.c
  23 +++ b/src/tls-gnu.c
  24 @@ -1729,6 +1729,7 @@ if (rc != GNUTLS_E_SUCCESS)
  25
  26    if (!sigalrm_seen)
  27      {
  28 +    gnutls_certificate_free_credentials(state->x509_cred);
  29      (void)fclose(smtp_out);
  30      (void)fclose(smtp_in);
  31      }
  32 @@ -2014,6 +2015,8 @@ if (shutdown)
  33    }
  34
  35  gnutls_deinit(state->session);
  36 +gnutls_certificate_free_credentials(state->x509_cred);
  37 +
  38
  39  state->tlsp->active = -1;
  40  memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
  41 @@ -2074,6 +2077,8 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
  42      receive_smtp_buffered = smtp_buffered;
  43
  44      gnutls_deinit(state->session);
  45 +    gnutls_certificate_free_credentials(state->x509_cred);
  46 +
  47      state->session = NULL;
  48      state->tlsp->active = -1;
  49      state->tlsp->bits = 0;
  50 --
  51 2.11.0
  52