commit 98be76fc033f1d66bcfd09d4a22b86e8061e89c2
author Anshul M Gupta <anshul.mgupta@rubrik.com> Wed Dec 01 00:59:13 2021 -0800
committer Jens Geyer <Jens-G@users.noreply.github.com> Mon Dec 06 23:01:25 2021 +0100
tree 3875688fbcf111b4b971f079e5c28ad54b238798
parent 2853af2d02dc1c4e42175e76d5ccefe9e797c4c4

THRIFT-5482: Fix memory leak during SSL handshake in C++ library
Client: C++

lib/cpp/src/thrift/transport/TSSLSocket.cpp

diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
index 665f8f6..dc8fcd9 100644
--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
@@ -152,7 +152,15 @@
   CONF_modules_unload(1);
   EVP_cleanup();
   CRYPTO_cleanup_all_ex_data();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+  // https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_thread_stop.html
+  OPENSSL_thread_stop();
+#else
+  // ERR_remove_state() was deprecated in OpenSSL 1.0.0 and ERR_remove_thread_state()
+  // was deprecated in OpenSSL 1.1.0; these functions and should not be used.
+  // https://www.openssl.org/docs/manmaster/man3/ERR_remove_state.html
   ERR_remove_state(0);
+#endif
   ERR_free_strings();
 
   mutexes.reset();
@@ -382,7 +390,15 @@
     SSL_free(ssl_);
     ssl_ = nullptr;
     handshakeCompleted_ = false;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+    // https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_thread_stop.html
+    OPENSSL_thread_stop();
+#else
+    // ERR_remove_state() was deprecated in OpenSSL 1.0.0 and ERR_remove_thread_state()
+    // was deprecated in OpenSSL 1.1.0; these functions and should not be used.
+    // https://www.openssl.org/docs/manmaster/man3/ERR_remove_state.html
     ERR_remove_state(0);
+#endif
   }
   TSocket::close();
 }