# HG changeset patch # User Maxim Dounin # Date 1361620465 0 # Node ID bebcc2f837d3696a753e913eb7a85006184bb52f # Parent 8da37c1b22a40eaa0a91fc83ce5ee33247709630 SSL: retry "sess_id" and "id" allocations. In case of fully populated SSL session cache with no memory left for new allocations, ngx_ssl_new_session() will try to expire the oldest non-expired session and retry, but only in case when slab allocation fails for "cached_sess", not when slab allocation fails for either "sess_id" or "id", which can happen for number of reasons and results in new session not being cached. Patch fixes this by adding retry logic to "sess_id" & "id" allocations. Patch by Piotr Sikora. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1842,8 +1842,18 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_ } sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t)); + if (sess_id == NULL) { - goto failed; + + /* drop the oldest non-expired session and try once more */ + + ngx_ssl_expire_sessions(cache, shpool, 0); + + sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t)); + + if (sess_id == NULL) { + goto failed; + } } #if (NGX_PTR_SIZE == 8) @@ -1853,8 +1863,18 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_ #else id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + if (id == NULL) { - goto failed; + + /* drop the oldest non-expired session and try once more */ + + ngx_ssl_expire_sessions(cache, shpool, 0); + + id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + + if (id == NULL) { + goto failed; + } } #endif