-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ssl socket leak when keepalive is used #5713
Conversation
LGTM. |
@saperal I see this is your first contribution (based on your GH history, feel free to correct me). First of all thank you :) This is a non-trivial fix of a memory leak, definitely a good contribution. What happens now is that collaborators are given 48 hours to discuss the fix and its implications. assuming no changes are requested it will be landed by a collaborator in 48 hours. Note that in general we like descriptive commit messages (under 70 lines) and we add the pull request URL and reviewers into the commit message. This will be done by a collaborator for you so don't worry about it - just for future reference. |
@@ -115,6 +115,9 @@ Agent.prototype.addRequest = function(req, options) { | |||
}; | |||
} | |||
|
|||
options = util._extend({}, options); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be done as a single call like options = Object.assign({}, options, this.options);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it was done this way in order to remain consistent with the rest of the file. If we're refactoring this to an Object.assign
we might as well refactor the one in createSocket
to use Object.assign
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Refactoring the rest of the file isn't really necessary, and it will add unnecessary noise, making it a lot harder to use tools like git blame.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So can we keep the same syntax throughout the file (_extends) and refactor it to a Object.assign
at a future PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Object.assign
is not available in v0.12 in case the change has to be merged there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@benjamingr we usually just update things like that when the code needs to be updated for some other reason.
@saperal ok, feel free to leave this as is.
LGTM if the CI is happy |
@saperal ... would you mind adding a bit more detail to the commit log message describing the issue that is fixed? |
LGTM with additional info added to the commit message |
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. -closes: #5699
Done more info added to the comments of the PR. |
LGTM |
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
Thanks for the contribution - landed in 2e1ae3e |
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
SSL sockets leak whenever keep alive is enabled, ca option is set in the global agent, and requests are sent without the ca property. In the following case at Agent.prototype.createSocket a socket will be created with a hashtag name that includes data from the global agents’ ca property. On subsequent requests at Agent.prototype.addRequest we do not find the free socket, because the hashtag name generated there does not take into account the global agents’ ca property, thus creating a new socket and leaving the first socket to timeout. closes: #5699 PR-URL: #5713 Reviewed-By: Benjamin Gruenbaum <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]>
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * npm: - Upgrade to v2.15.1. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * npm: - Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
Notable Changes * https: - Under certain conditions ssl sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case. - (Alexander Penev) #5713 * lib: - The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this - (Nathan Woltman) #4361 * npm: - Upgrade to v2.15.1. Fixes a security flaw in the use of authentication tokens in HTTP requests that would allow an attacker to set up a server that could collect tokens from users of the command-line interface. Authentication tokens have previously been sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This update fixes this by only including those tokens for requests made against the registry or registries used for the current install. (Forrest L Norvell) * repl: - Previously if you were using the repl in strict mode the column number would be wrong in a stack trace. This is no longer an issue. - (Prince J Wesley) #5416 PR-URL: #5961
Pull Request check-list
Please make sure to review and check all of these items:
make -j8 test
(UNIX) orvcbuild test nosign
(Windows) pass withthis change (including linting)?
test (or a benchmark) included?
existing APIs, or introduces new ones)?
NOTE: these things are not required to open a PR and can be done
afterwards / while the PR is open.
Affected core subsystem(s)
Please provide affected core subsystem(s) (like buffer, cluster, crypto, etc)
Description of change
Please provide a description of the change here.
-closes: #5699