Hi,
I found a memory leak in openssl (version 0.9.6h). I've reproduced it
with demos/bio/saccept.c.
openssl-0.9.6h/demos/bio$ valgrind --num-callers=20 --leak-check=yes ./saccept
==1981== valgrind-1.0.4, a memory error detector for x86 GNU/Linux.
[...]
==1981==
==1981== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==1981== malloc/free: in use at exit: 28987 bytes in 1602 blocks.
==1981== malloc/free: 1771 allocs, 169 frees, 127309 bytes allocated.
==1981== For counts of detected errors, rerun with: -v
==1981== searching for pointers to 1602 not-freed blocks.
==1981== checked 4299544 bytes.
==1981==
==1981== definitely lost: 920 bytes in 1 blocks.
==1981== possibly lost: 0 bytes in 0 blocks.
==1981== still reachable: 28067 bytes in 1601 blocks.
==1981==
==1981== 920 bytes in 1 blocks are definitely lost in loss record 1 of 3
==1981== at 0x4004519B: malloc (in /usr/lib/valgrind/valgrind.so)
==1981== by 0x80679C0: CRYPTO_malloc (mem.c:223)
==1981== by 0x80610CE: ssl3_new (s3_lib.c:706)
==1981== by 0x804C63B: tls1_new (t1_lib.c:123)
==1981== by 0x804E40E: SSL_new (ssl_lib.c:224)
==1981== by 0x8051659: SSL_dup (ssl_lib.c:1695)
==1981== by 0x8058CC9: ssl_ctrl (bio_ssl.c:434)
==1981== by 0x806EC1A: BIO_ctrl (bio_lib.c:311)
==1981== by 0x806F11A: BIO_dup_chain (bio_lib.c:478)
==1981== by 0x8074E18: acpt_state (bss_acpt.c:260)
==1981== by 0x8074F30: acpt_read (bss_acpt.c:301)
==1981== by 0x806E699: BIO_read (bio_lib.c:165)
==1981== by 0x804AFFF: main (saccept.c:80)
==1981== by 0x4026A08C: __libc_start_main (in /lib/libc-2.2.5.so)
==1981== by 0x228EC: ???
==1981==
==1981== LEAK SUMMARY:
==1981== definitely lost: 920 bytes in 1 blocks.
==1981== possibly lost: 0 bytes in 0 blocks.
==1981== still reachable: 28067 bytes in 1601 blocks.
==1981== Reachable blocks (those to which a pointer was found) are not shown.
The problem seems to be in SSL_dup in ssl/ssl_lib.c:
First, the ssl object ret is created:
ret=SSL_new(SSL_get_SSL_CTX(s)), this calls
s->method->ssl_new(s) in SSL_new
later in SSL_dup, some bytes previously allocated by ssl_new are
overwritten:
ret->method->ssl_new(ret)
This little patch seems to fix the problem, but I don't know if it is
"the right way"...
diff -u -r1.3 -r1.4
--- ssl_lib.c 6 Jan 2003 09:04:14 -0000 1.3
+++ ssl_lib.c 24 Jan 2003 16:25:16 -0000 1.4
@@ -1708,6 +1708,7 @@
* and thus we can't use SSL_copy_session_id. */
ret->method = s->method;
+ ret->method->ssl_free(ret);
ret->method->ssl_new(ret);
if (s->cert != NULL)
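Review bot: the added `ret->method->ssl_free(ret);` runs after `ret->method = s->method;`, so the per-method state is released through the new method rather than the one whose `ssl_new` allocated it in `SSL_new`; if `s->method` differs from the method `ret` was created with, the free routine does not match the allocator. Consider moving the free above the assignment, i.e. `ret->method->ssl_free(ret); ret->method = s->method; ret->method->ssl_new(ret);`, so the old method tears down its own state before the switch. The return value of `ssl_new` is also still unchecked, which the fix could take the opportunity to address.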
regards,
christian
OpenSSL self-test report:
OpenSSL version: 0.9.6h
Last change: New function OPENSSL_cleanse(), which is used to cleans...
Options: --prefix=/usr --openssldir=/etc/openssl shared
OS (uname): Linux 2.4.20 #4 Thu Jan 2 00:10:53 CET 2003 i686 unknown
OS (config): i686-whatever-linux2
Target (default): linux-elf
Target: linux-elf
Compiler: gcc version 2.95.3 20010315 (release)
P.S.: The link in openssl-0.9.6h/README is wrong:
".. via the Request Tracker (http://www.openssl.org/rt2.html) "
-> Not found
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
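The leak described in the mail (a method constructor run twice on the same object, the second call overwriting the pointer the first one filled in) is easy to reproduce in a small model. The following is an added example written for this page, not OpenSSL code: it uses a constructed CONN/METHOD pair that stands in for SSL and its method table, with a live-allocation counter in place of valgrind, and shows the leaky dup beside the fixed ordering (free through the old method, then swap the method pointer, then construct).

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model, not OpenSSL: a connection object whose protocol
 * "method" owns private state, as s->method->ssl_new / ssl_free do for
 * s->s3 in 0.9.6. live_blocks counts outstanding state allocations. */
static int live_blocks = 0;

typedef struct conn CONN;
typedef struct method {
    const char *name;
    int  (*conn_new)(CONN *c);
    void (*conn_free)(CONN *c);
} METHOD;

struct conn {
    const METHOD *method;
    void *state;               /* method-private state, like s->s3 */
};

static int generic_new(CONN *c) {
    c->state = malloc(920);    /* size taken from the valgrind record, illustrative only */
    if (c->state == NULL) return 0;
    live_blocks++;
    return 1;
}

static void generic_free(CONN *c) {
    if (c->state != NULL) {
        free(c->state);
        c->state = NULL;
        live_blocks--;
    }
}

static const METHOD ssl3_method = { "ssl3", generic_new, generic_free };

/* Stand-in for SSL_new: runs the method constructor once. */
static CONN *conn_new(const METHOD *m) {
    CONN *c = calloc(1, sizeof *c);
    if (c == NULL) return NULL;
    c->method = m;
    if (!m->conn_new(c)) { free(c); return NULL; }
    return c;
}

/* Stand-in for SSL_free. */
static void conn_free(CONN *c) {
    if (c == NULL) return;
    c->method->conn_free(c);
    free(c);
}

/* The pattern reported in the mail: conn_new() already ran the
 * constructor, then dup runs it again without freeing, so the first
 * state block is unreachable from then on. */
static CONN *conn_dup_leaky(const CONN *s) {
    CONN *ret = conn_new(s->method);   /* constructor runs here ... */
    if (ret == NULL) return NULL;
    ret->method = s->method;
    ret->method->conn_new(ret);        /* ... and again here: old block lost */
    return ret;
}

/* Fixed ordering: release the state through the method that allocated
 * it, then switch methods, then construct afresh. */
static CONN *conn_dup_fixed(const CONN *s) {
    CONN *ret = conn_new(s->method);
    if (ret == NULL) return NULL;
    ret->method->conn_free(ret);       /* free with the old method first */
    ret->method = s->method;
    if (!ret->method->conn_new(ret)) { free(ret); return NULL; }
    return ret;
}

/* Creates an object, dups it with the given routine, frees both, and
 * returns how many state blocks are still live: 0 is balanced, >0 leaked. */
static int leaked_blocks(CONN *(*dup)(const CONN *)) {
    int before = live_blocks;
    CONN *s = conn_new(&ssl3_method);
    CONN *d = dup(s);
    conn_free(d);
    conn_free(s);
    return live_blocks - before;
}

int main(void) {
    printf("leaky dup: %d block(s) leaked\n", leaked_blocks(conn_dup_leaky));
    printf("fixed dup: %d block(s) leaked\n", leaked_blocks(conn_dup_fixed));
    return 0;
}
```

The counter plays the role valgrind plays in the report: one run of the leaky dup leaves exactly one block behind, matching the "1 blocks definitely lost" record, while the fixed dup returns to zero. Keeping the free before the method swap also means the teardown routine is always the one that matches the constructor that ran.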