[jira] [Reopened] (THRIFT-2936) Minor memory leak in SSL

James E. King, III (JIRA) Thu, 17 Sep 2015 12:13:25 -0700

     [ 
https://issues.apache.org/jira/browse/THRIFT-2936?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


James E. King, III reopened THRIFT-2936:
----------------------------------------

I've found that this causes a crash similar to the one described here:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=462780

I had to remove it in order not to crash in any application that opens one 
socket at a time then closes everything, such as a set of unit tests.
The stack I get is:
{noformat}
==11727== Invalid read of size 8
==11727==    at 0x5E0D539: sk_free (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11727==    by 0x66BED1D: apache::thrift::transport::cleanupOpenSSL() 
(TSSLSocket.cpp:127)
==11727==    by 0x66C32B7: 
apache::thrift::transport::TSSLSocketFactory::~TSSLSocketFactory() 
(TSSLSocket.cpp:469)
==11727==    by 0x4D665A4: 
TLSOnlyTSSLServerSocketFactory::~TLSOnlyTSSLServerSocketFactory() (in 
/var/tmp/build/lib/libcommon.so)
==11727==    by 0x4D665C8: 
TLSOnlyTSSLServerSocketFactory::~TLSOnlyTSSLServerSocketFactory() 
(rpctlsserver.cpp:25)
==11727==    by 0x4D6698A: void 
boost::checked_delete<TLSOnlyTSSLServerSocketFactory>(TLSOnlyTSSLServerSocketFactory*)
 (checked_delete.hpp:34)
==11727==    by 0x4D66A08: 
boost::detail::sp_counted_impl_p<TLSOnlyTSSLServerSocketFactory>::dispose() 
(sp_counted_impl.hpp:78)
==11727==    by 0x44A808: boost::detail::sp_counted_base::release() 
(sp_counted_base_clang.hpp:112)
==11727==    by 0x44A7A9: boost::detail::shared_count::~shared_count() 
(shared_count.hpp:467)
==11727==    by 0x4D664C8: 
boost::shared_ptr<apache::thrift::transport::TSSLSocketFactory>::~shared_ptr() 
(in /var/tmp/build/lib/libcommon.so)
==11727==    by 0x4D65725: RpcTlsServer::getSSLSocketFactory() 
(rpctlsserver.cpp:79)
==11727==    by 0x4D65939: RpcTlsServer::start() (rpctlsserver.cpp:92)
==11727==  Address 0xaa27858 is 8 bytes inside a block of size 32 free'd
==11727==    at 0x402E36D: free (vg_replace_malloc.c:473)
==11727==    by 0x5D87F8C: CRYPTO_free (in 
/lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==11727==    by 0x66BED1D: apache::thrift::transport::cleanupOpenSSL() 
(TSSLSocket.cpp:127)
==11727==    by 0x66C32B7: 
apache::thrift::transport::TSSLSocketFactory::~TSSLSocketFactory() 
(TSSLSocket.cpp:469)
==11727==    by 0x4D665A4: 
TLSOnlyTSSLServerSocketFactory::~TLSOnlyTSSLServerSocketFactory() (in 
/var/tmp/build/lib/libcommon.so)
==11727==    by 0x4D665C8: 
TLSOnlyTSSLServerSocketFactory::~TLSOnlyTSSLServerSocketFactory() 
(rpctlsserver.cpp:25)
==11727==    by 0x4D6698A: void 
boost::checked_delete<TLSOnlyTSSLServerSocketFactory>(TLSOnlyTSSLServerSocketFactory*)
 (checked_delete.hpp:34)
==11727==    by 0x4D66A08: 
boost::detail::sp_counted_impl_p<TLSOnlyTSSLServerSocketFactory>::dispose() 
(sp_counted_impl.hpp:78)
==11727==    by 0x44A808: boost::detail::sp_counted_base::release() 
(sp_counted_base_clang.hpp:112)
==11727==    by 0x44A7A9: boost::detail::shared_count::~shared_count() 
(shared_count.hpp:467)
==11727==    by 0x4D664C8: 
boost::shared_ptr<apache::thrift::transport::TSSLSocketFactory>::~shared_ptr() 
(in /var/tmp/build/lib/libcommon.so)
==11727==    by 0x4D65725: RpcTlsServer::getSSLSocketFactory() 
(rpctlsserver.cpp:79)
{noformat}

As such, we should consider backing this change out.
The following "cleanupOpenSSL" works for me:
{noformat}
void cleanupOpenSSL() {
  if (!openSSLInitialized) {
    return;
  }
  openSSLInitialized = false;
#if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_NO_THREAD_ID)
  CRYPTO_set_id_callback(NULL);
#endif
  CRYPTO_set_locking_callback(NULL);
  CRYPTO_set_dynlock_create_callback(NULL);
  CRYPTO_set_dynlock_lock_callback(NULL);
  CRYPTO_set_dynlock_destroy_callback(NULL);
  ERR_free_strings();
  EVP_cleanup();
  CRYPTO_cleanup_all_ex_data();
  ERR_remove_state(0);
  mutexes.reset();
}
{noformat}

I reordered the sequence of where CRYPTO_cleanup_all_ex_data is called based on 
the eclipse bug report's resolution of the same issue.

> Minor memory leak in SSL
> ------------------------
>
>                 Key: THRIFT-2936
>                 URL: https://issues.apache.org/jira/browse/THRIFT-2936
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.9.3
>         Environment: Ubuntu 14.04.1 LTS
>            Reporter: Cristian Klein
>            Assignee: Randy Abernethy
>            Priority: Minor
>              Labels: easyfix, newbie, patch
>             Fix For: 0.9.3
>
>         Attachments: 0001-THRIFT-2936-Fix-minor-memory-leak-in-SSL.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> Valgrind shows that Thrift clients that use SSL leak 64 bytes in two chunks. 
> This is because the list of available compression methods is not freed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Reopened] (THRIFT-2936) Minor memory leak in SSL

Reply via email to