Opened 5 years ago

Closed 5 years ago

#13112 closed defect (fixed)

https memory leak in uhttpd + cyassl

Reported by: vhrm
Owned by: nbd
Priority: normal
Milestone:
Component: packages
Version: Trunk
Keywords:
Cc:

Description

Some aspect of using https (probably having something to do with initial negotiation) causes the uhttpd process to grow permanently.

This is on a Netgear WNR2000 ("AP81" platform) with a home-built trunk image.

OpenWrt Barrier Breaker r35770
Linux OpenWrt 3.7.9 #13 Mon Feb 25 15:08:26 EST 2013 mips GNU/Linux

root@OpenWrt:/etc/config# opkg list-installed | egrep "uhttpd|ssl"
libcyassl - 1.6.5-2
libustream-cyassl - 2013-01-22-da607e6272d789ed5dae3b0efff90912fda6f81f
uhttpd - 2013-01-22-14e3971c37e6feb0ec5eda0988e07d8a786ba9f9
uhttpd-mod-lua - 2013-01-22-14e3971c37e6feb0ec5eda0988e07d8a786ba9f9
uhttpd-mod-tls - 2013-01-22-14e3971c37e6feb0ec5eda0988e07d8a786ba9f9
uhttpd-mod-ubus - 2013-01-22-14e3971c37e6feb0ec5eda0988e07d8a786ba9f9

Running uhttpd with:

/usr/sbin/uhttpd -f -h /www -r OpenWrt -x /cgi-bin -t 60 -T 30 -A 1 -n 3 -R -C /etc/uhttpd.crt -K /etc/uhttpd.key -s 0.0.0.0:443 -p 0.0.0.0:80

Repeated connects with openssl s_client show the uhttpd process (as shown by top) growing somewhere around 20kB / connection.
The size is persistent for at least three days.

while :; do sleep 1 ; echo -e "GET / HTTP/1.0\r\n\r\n" | openssl s_client -tls1 -connect 10.1.0.1:443 -quiet ; done

(Connections from Firefox during routine usage of LuCI also cause growth over time, though the growth is considerably slower.)

Connections similar to the s_client but to port 80 show no growth.

while :; do sleep 1 ; date; echo -e "GET / HTTP/1.0\r\n\r\n" | nc 10.1.0.1 80 ; done

This build doesn't seem to have core generation capabilities... and due to size concerns binaries are stripped anyway, so I don't think I can provide anything useful in that sense.

Change History (3)

comment:1 Changed 5 years ago by vhrm

One thing to add: the only non-default https-related setting is that the cert uses a 2048-bit RSA key where the default is 1024. (Cert generated as normal by px5g.) I don't know if it's relevant as I haven't tested others.

comment:2 Changed 5 years ago by nbd

  • Owner changed from developers to nbd
  • Status changed from new to accepted

comment:3 Changed 5 years ago by nbd

  • Resolution set to fixed
  • Status changed from accepted to closed

fixed in r36636
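
The measurement the ticket makes by watching top, as an added example that is not from the ticket or from the uhttpd project: run on the router while the s_client loop from the description runs on a client, it samples the daemon's resident set size and reports total and per-connection growth. The function names, the use of VmRSS from /proc/<pid>/status and the presence of awk on the device are assumptions.

```shell
#!/bin/sh
# Added example, not from the ticket. Assumes Linux /proc and awk (BusyBox is enough).

# Print VmRSS in kB from /proc/<pid>/status text on stdin; fail if the field is absent.
rss_kb() {
    awk '$1 == "VmRSS:" { print $2; found = 1 }
         END { if (!found) exit 1 }'
}

# sample_rss PID COUNT INTERVAL: print COUNT RSS samples, INTERVAL seconds apart.
sample_rss() {
    pid=$1; count=$2; interval=$3; i=0
    while [ "$i" -lt "$count" ]; do
        rss_kb < "/proc/$pid/status" || return 1   # process exited or no such PID
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
}

# leak_summary CONNECTIONS: read kB samples on stdin, print
#   "first last delta drops per_conn"
# drops counts samples lower than the previous one; 0 drops with a positive
# delta means the memory was never given back during the run.
leak_summary() {
    awk -v conns="$1" '
        NR == 1 { first = $1 }
        NR > 1 && $1 < prev { drops++ }
        { prev = $1; last = $1 }
        END {
            if (NR < 2 || conns <= 0) exit 1
            printf "%d %d %d %d %d\n", first, last, last - first, drops,
                   (last - first) / conns
        }'
}

# Usage: sh rsswatch.sh PID SAMPLES INTERVAL CONNECTIONS_MADE_DURING_RUN
if [ "$#" -eq 4 ]; then
    sample_rss "$1" "$2" "$3" | leak_summary "$4"
fi
```

Running the same measurement against the port 80 loop gives a baseline, so growth seen only on port 443 can be attributed to the TLS path.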
