From e4010d888ffb07e12da2bdfecd9284871be27e52 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 29 Mar 2013 17:17:45 +0000 Subject: [PATCH] Merge of r5082: SSL: retry "sess_id" and "id" allocations. SSL: retry "sess_id" and "id" allocations. In case of fully populated SSL session cache with no memory left for new allocations, ngx_ssl_new_session() will try to expire the oldest non-expired session and retry, but only in case when slab allocation fails for "cached_sess", not when slab allocation fails for either "sess_id" or "id", which can happen for number of reasons and results in new session not being cached. Patch fixes this by adding retry logic to "sess_id" & "id" allocations. Patch by Piotr Sikora. --- src/event/ngx_event_openssl.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index d3663c4f5..5c88e4ad6 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1716,8 +1716,18 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) } sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t)); + if (sess_id == NULL) { - goto failed; + + /* drop the oldest non-expired session and try once more */ + + ngx_ssl_expire_sessions(cache, shpool, 0); + + sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t)); + + if (sess_id == NULL) { + goto failed; + } } #if (NGX_PTR_SIZE == 8) @@ -1727,8 +1737,18 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) #else id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + if (id == NULL) { - goto failed; + + /* drop the oldest non-expired session and try once more */ + + ngx_ssl_expire_sessions(cache, shpool, 0); + + id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + + if (id == NULL) { + goto failed; + } } #endif