fix: ssl socket leak when keepalive is used #5713
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ChALkeR
added
https
|
LGTM. |
|
@saperal I see this is your first contribution (based on your GH history, feel free to correct me). First of all thank you :) This is a non-trivial fix of a memory leak, definitely a good contribution. What happens now is that collaborators are given 48 hours to discuss the fix and its implications. assuming no changes are requested it will be landed by a collaborator in 48 hours. Note that in general we like descriptive commit messages (under 70 lines) and we add the pull request URL and reviewers into the commit message. This will be done by a collaborator for you so don't worry about it - just for future reference. |
| @@ -115,6 +115,9 @@ Agent.prototype.addRequest = function(req, options) { | |||
| }; | |||
| } | |||
|
|
|||
| options = util._extend({}, options); | |||
There was a problem hiding this comment.
This can be done as a single call like options = Object.assign({}, options, this.options);
There was a problem hiding this comment.
I think it was done this way in order to remain consistent with the rest of the file. If we're refactoring this to an Object.assign we might as well refactor the one in createSocket to use Object.assign.
There was a problem hiding this comment.
Refactoring the rest of the file isn't really necessary, and it will add unnecessary noise, making it a lot harder to use tools like git blame.
There was a problem hiding this comment.
So can we keep the same syntax throughout the file (_extends) and refactor it to a Object.assign at a future PR?
There was a problem hiding this comment.
Object.assign is not available in v0.12 in case the change has to be merged there.
There was a problem hiding this comment.
@benjamingr we usually just update things like that when the code needs to be updated for some other reason.
@saperal ok, feel free to leave this as is.
|
LGTM if the CI is happy |
|
@saperal ... would you mind adding a bit more detail to the commit log message describing the issue that is fixed? |
|
LGTM with additional info added to the commit message |
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. -closes: #5699
|
Done more info added to the comments of the PR. |
|
LGTM |
benjamingr
pushed a commit
that referenced
this pull request
Mar 17, 2016
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
|
Thanks for the contribution - landed in 2e1ae3e |
Fishrock123
pushed a commit
that referenced
this pull request
Mar 22, 2016
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Mar 30, 2016
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Mar 30, 2016
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins
pushed a commit
that referenced
this pull request
Mar 30, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
MylesBorins
pushed a commit
that referenced
this pull request
Mar 31, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* npm:
- Upgrade to v2.15.1. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
MylesBorins
pushed a commit
that referenced
this pull request
Mar 31, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* npm:
- Upgrade to v2.15.1. Fixes a security flaw in the use of authentication
tokens in HTTP requests that would allow an attacker to set up a server
that could collect tokens from users of the command-line interface.
Authentication tokens have previously been sent with every request made
by the CLI for logged-in users, regardless of the destination of the
request. This update fixes this by only including those tokens for
requests made against the registry or registries used for the current
install. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
MylesBorins
pushed a commit
that referenced
this pull request
Apr 1, 2016
Notable Changes
* https:
- Under certain conditions ssl sockets may have been causing a memory
leak when keepalive is enabled. This is no longer the case.
- (Alexander Penev) #5713
* lib:
- The way that we were internally passing arguments was causing a
potential leak. By copying the arguments into an array we can avoid this
- (Nathan Woltman) #4361
* npm:
- Upgrade to v2.15.1. Fixes a security flaw in the use of authentication
tokens in HTTP requests that would allow an attacker to set up a server
that could collect tokens from users of the command-line interface.
Authentication tokens have previously been sent with every request made
by the CLI for logged-in users, regardless of the destination of the
request. This update fixes this by only including those tokens for
requests made against the registry or registries used for the current
install. (Forrest L Norvell)
* repl:
- Previously if you were using the repl in strict mode the column number
would be wrong in a stack trace. This is no longer an issue.
- (Prince J Wesley) #5416
PR-URL: #5961
fengmk2
pushed a commit
to node-modules/agentkeepalive
that referenced
this pull request
Apr 5, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request check-list
Please make sure to review and check all of these items:
make -j8 test(UNIX) orvcbuild test nosign(Windows) pass withthis change (including linting)?
test (or a benchmark) included?
existing APIs, or introduces new ones)?
NOTE: these things are not required to open a PR and can be done
afterwards / while the PR is open.
Affected core subsystem(s)
Please provide affected core subsystem(s) (like buffer, cluster, crypto, etc)
Description of change
Please provide a description of the change here.
-closes: #5699