Memory leak in OpenSSL application

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Memory leak in OpenSSL application

Jason Resch
Hello everyone,

My company has been working on an SSL enabled server application, and we
have recently encountered a memory leak bug which appears to lead to the
eventual crash of the server.  We ran a test having a client application
do nothing but connect to the server application and close the
connection.  After about 2,000 connections the server grows by about 50
MB and then it crashes.

I've been doing some research into this and so far the main cause seems
to be that we were not calling SSL_free after each connection closed.  
 From what I have gathered, the correct way to cleanup after a
connection is to call the following functions in this order:

    SSL_shutdown(ssl);
    SSL_free(ssl);
    close(socket);

My main reason for writing this e-mail is that I wanted to make sure I
wasn't missing anything as far as cleaning up after each connection.  
Are there any other functions I should be calling to prevent memory
leaks?  I would be grateful to hear from anyone who is experienced in
this area.  Thank you in advance.

Best Regards,

Jason Resch


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Memory leak in OpenSSL application

Vinay Jha
 Do you have session cache enabled? I have had the same suspicion in the
past.
Following links may be usefull.
http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html
http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html#

-VJ
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Jason Resch
Sent: Monday, February 06, 2006 7:16 AM
To: [hidden email]
Subject: Memory leak in OpenSSL application

Hello everyone,

My company has been working on an SSL enabled server application, and we
have recently encountered a memory leak bug which appears to lead to the
eventual crash of the server.  We ran a test having a client application
do nothing but connect to the server application and close the
connection.  After about 2,000 connections the server grows by about 50
MB and then it crashes.

I've been doing some research into this and so far the main cause seems
to be that we were not calling SSL_free after each connection closed.  
 From what I have gathered, the correct way to cleanup after a
connection is to call the following functions in this order:

    SSL_shutdown(ssl);
    SSL_free(ssl);
    close(socket);

My main reason for writing this e-mail is that I wanted to make sure I
wasn't missing anything as far as cleaning up after each connection.  
Are there any other functions I should be calling to prevent memory
leaks?  I would be grateful to hear from anyone who is experienced in
this area.  Thank you in advance.

Best Regards,

Jason Resch


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Memory leak in OpenSSL application

Mark-62
In reply to this post by Jason Resch
> I've been doing some research into this and so far the main
> cause seems
> to be that we were not calling SSL_free after each connection
> closed.  
>  From what I have gathered, the correct way to cleanup after a
> connection is to call the following functions in this order:
>
>     SSL_shutdown(ssl);
>     SSL_free(ssl);
>     close(socket);

Are you creating a new SSL context for every connection? You should
call SSL_CTX_free() for each context created.

Is your app multithreaded?  You'll need to allocate and free
the mutexes (CRYPTO_set_locking_callback() and associated
functions).  Also call ERR_remove_state() before a thread
terminates to clear it's error queue.

Best Regards,
Mark

 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Memory leak in OpenSSL application

Krishna M Singh-2
Hi All

the best thing to track openSSL memory leak (as per my little
understanding) is to have a debug file with Boundschecker and than
provide some traffic and shutdown ur app. In case of leak its caught
by the boundschecker.

Now use some memory allocator (like Buddy Alloc etc...) and than have
abreakpoint for that size of memory that leaks.

This approach has helped me and so am sure will be useful assuming the
platform is windows :)

-Krishna

On 2/6/06, Mark <[hidden email]> wrote:

> > I've been doing some research into this and so far the main
> > cause seems
> > to be that we were not calling SSL_free after each connection
> > closed.
> >  From what I have gathered, the correct way to cleanup after a
> > connection is to call the following functions in this order:
> >
> >     SSL_shutdown(ssl);
> >     SSL_free(ssl);
> >     close(socket);
>
> Are you creating a new SSL context for every connection? You should
> call SSL_CTX_free() for each context created.
>
> Is your app multithreaded?  You'll need to allocate and free
> the mutexes (CRYPTO_set_locking_callback() and associated
> functions).  Also call ERR_remove_state() before a thread
> terminates to clear it's error queue.
>
> Best Regards,
> Mark
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]