Ticket #1265: 04-limit-ssl-mem.patch

File 04-limit-ssl-mem.patch, 1.1 kB (added by mlcreech, 14 months ago)

File which fixes this on my system (though it's probably not a "proper" fix)

  • src/connections.c 

    diff -purN orig/src/connections.c lighttpd-1.4.15/src/connections.c
    old new  
    194194#ifdef USE_OPENSSL 
    195195        int r, ssl_err, len; 
    196196        buffer *b = NULL; 
     197        size_t cnt=0; 
     198        static const size_t max_buffered_blocks=8; 
    197199 
    198200        if (!con->conf.is_ssl) return -1; 
    199201 
     
    223225                        con->bytes_read += len; 
    224226                        b = NULL; 
    225227                } 
    226         } while (len > 0); 
     228        } while ((len > 0) && (++cnt<max_buffered_blocks)); 
    227229 
    228230 
    229231        if (len < 0) { 

  • src/network.c 

    diff -purN orig/src/network.c lighttpd-1.4.15/src/network.c
    old new  
    380380                                        s->ssl_pemfile); 
    381381                        return -1; 
    382382                } 
    383                 SSL_CTX_set_default_read_ahead(s->ssl_ctx, 1); 
     383                SSL_CTX_set_default_read_ahead(s->ssl_ctx, 0); 
    384384                SSL_CTX_set_mode(s->ssl_ctx, SSL_CTX_get_mode(s->ssl_ctx) | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 
    385385 
    386386                srv_socket->ssl_ctx = s->ssl_ctx;