Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

getting ssl.SSLSocket.session brings to memory leak #116810

Closed
vetonyx opened this issue Mar 14, 2024 · 2 comments
Closed

getting ssl.SSLSocket.session brings to memory leak #116810

vetonyx opened this issue Mar 14, 2024 · 2 comments
Assignees
@gpshead @sethmlarson
Labels
topic-SSL type-bug An unexpected behavior, bug, or error

Comments

@vetonyx
Copy link

vetonyx commented Mar 14, 2024
edited by bedevere-app bot
Loading

Bug report

Bug description:

Ubuntu 22.04
python 3.12, python3.11

import ssl
import socket
import time
host = '192.168.16.66' # some server we can connect with https as example
port = 443

session = None
context = ssl._create_unverified_context(protocol=ssl.PROTOCOL_TLSv1_2)
with socket.create_connection((host, port)) as sock:
    with context.wrap_socket(sock, server_hostname=host, session = session) as ssock:
        for i in range(300000):
            session = ssock.session

print('Sleeping')
time.sleep(200)

Here is part of script that is used for "ssl reuse" session during connection to server
Running this script brings to memory leak (process memory increased from 322Mb to 2.5Gb).
Memory is not freed on "time.sleep" instruction
Not reproduced on python 3.8

CPython versions tested on:

3.11, 3.12

Operating systems tested on:

Linux

Linked PRs
@vetonyx vetonyx added the type-bug An unexpected behavior, bug, or error label Mar 14, 2024
@stanleyu
Copy link

I'm using cherrypy to run a very simple HTTPS web service. It started leaking memory when switched from python3.9 to python3.11. Very likely the same issue.

@jeffvanvoorst
Copy link
Contributor

jeffvanvoorst commented Aug 22, 2024
edited
Loading

Specifically, the function PySSL_get_session( ) has a work around for a bug in OpenSSL 1.1.0. However, the move from Python 3.9 to 3.11 removed the macros for OpenSSL versions. Now, the session is duplicated (by _ssl_session_dup( )) and pointer is saved in the session variable. Next SSL_get1_session( ) is used to return a pointer to the session and overwrites the address saved in the session variable. The duplicated session is leaked.

jeffvanvoorst added a commit to jeffvanvoorst/cpython that referenced this issue Aug 23, 2024
@jeffvanvoorst
pythongh-116810: fixed memory leak ssl module
119d33a 
PySSL_get_session leaks a session object each time
it is called.  For programs like cherrypy (cheroot),
a leak occurs with each handled web request.
@bedevere-app bedevere-app bot mentioned this issue Aug 23, 2024
Merged
@jeffvanvoorst jeffvanvoorst mentioned this issue Aug 23, 2024
Open
3 tasks
gpshead added a commit that referenced this issue Sep 30, 2024
@jeffvanvoorst @blurb-it
@ZeroIntensity @gpshead @pitrou
gh-116810: fix memory leak in ssl module (GH-123249)
7e7223e 
Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 30, 2024
@jeffvanvoorst @blurb-it
@ZeroIntensity @gpshead @pitrou @miss-islington
pythongh-116810: fix memory leak in ssl module (pythonGH-123249)
f5c737f 
Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

(cherry picked from commit 7e7223e)

Co-authored-by: Jeffrey R. Van Voorst <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Sep 30, 2024
@jeffvanvoorst @blurb-it
@ZeroIntensity @gpshead @pitrou @miss-islington
pythongh-116810: fix memory leak in ssl module (pythonGH-123249)
def2582 
Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

(cherry picked from commit 7e7223e)

Co-authored-by: Jeffrey R. Van Voorst <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
This was referenced Sep 30, 2024
Merged
Merged
gpshead added a commit that referenced this issue Sep 30, 2024
@miss-islington @jeffvanvoorst
@blurb-it @ZeroIntensity @gpshead @pitrou
[3.12] gh-116810: fix memory leak in ssl module (GH-123249) (GH-124801)
186cc40 
gh-116810: fix memory leak in ssl module (GH-123249)

Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

(cherry picked from commit 7e7223e)

Co-authored-by: Jeffrey R. Van Voorst <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
@vstinner vstinner closed this as completed Oct 1, 2024
vstinner pushed a commit that referenced this issue Oct 7, 2024
@miss-islington @jeffvanvoorst
@blurb-it @ZeroIntensity @gpshead @pitrou
[3.13] gh-116810: fix memory leak in ssl module (GH-123249) (#124800)
f5f1d45 
gh-116810: fix memory leak in ssl module (GH-123249)

Resolve a memory leak introduced in CPython 3.10's :mod:`ssl` when the :attr:`ssl.SSLSocket.session` property was accessed. Speeds up read and write access to said property by no longer unnecessarily cloning session objects via serialization.

(cherry picked from commit 7e7223e)

Co-authored-by: Jeffrey R. Van Voorst <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Peter Bierma <[email protected]>
Co-authored-by: Gregory P. Smith <[email protected]>
Co-authored-by: Antoine Pitrou <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gpshead gpshead

@sethmlarson sethmlarson

Labels
topic-SSL type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@gpshead @vstinner @jeffvanvoorst @picnixz @sethmlarson @stanleyu @vetonyx