Re: [openssl.org #894] bug report

Wed, 09 Jun 2004 14:13:14 -0700 

This is most likely not a bug - the OpenSSL dynamic libraries allocate memory 
with an expected lifetime that is identical to the process lifetime.  That 
this memory isn't lost can be demonstrated by the following code, which (as 
reported by valgrind on a Linux system) also "leaks" 21 blocks with an 
aggregate total allocated size of 1k:

#include <openssl/ssl.h>
int main(void)
{
        SSL_CTX* ctx = SSL_CTX_new(SSLv23_method());
        SSL_CTX_free(ctx);
        ctx = SSL_CTX_new(TLSv1_method());
        SSL_CTX_free(ctx);
        ctx = SSL_CTX_new(SSLv3_method());
        SSL_CTX_free(ctx);
}

OpenSSL leaves this memory allocated because it has no way of knowing if/when 
an application has finished using the library, and it keeps this data 
available for subsequent calls.

How to deal with this:  recognize that this happens, and subtract 21 "leaked" 
blocks/1024 "leaked" bytes (the byte count may be different on non-x86 or 
non-Linux system) from the total memory leak report.  If you get zero, there 
are no leaks.

Alternatively, you can figure out how to install a library unload callback 
that specifically frees this allocated memory just before process termination 
(a la glibc's __libc_freeres).

On Wednesday 09 June 2004 12:17, Effi Ban via RT wrote:
> To whom it may concern:
>
> We found that the following code fragment causes 21 memory leaks:
> ---------------------------------------------------------------------------
>- ------------------
> #include <openssl/ssl.h>
> SSL_CTX* ctx = SSL_CTX_new(SSLv23_method());
> SSL_CTX_free(ctx);
> ---------------------------------------------------------------------------
>- ------------------
>
> OS version:           Windows Server 2003 Enterprise Edition
> Dev. environment:     MS Visual Studio 6.0
> OpenSSL version:      0.9.7c release (30 Sep 2003)
>
> We would appreciate if you could reply with the status of this bug, as it
> is very important to our development process.
>
> Thanks,
> Effi
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.692 / Virus Database: 453 - Release Date: 5/28/2004
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to