OpenSSL › OpenSSL - Dev

[openssl.org #1087] Memory leak - OpenSSL 0.9.7g

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

3 messages Options

Rich Salz via RT

[openssl.org #1087] Memory leak - OpenSSL 0.9.7g

Hello,

I would like to report a memory leak in SSL_connect(). Following code
sample was check for memory leaks
using "Purify" and show a 13K leak in SSL_connect().

1. Am I doing something wrong?
2. Will there be a fix soon?

Sincerely yours.

Karim sharif

------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------------------------------------------
-------------

#include <windows.h>
#include <winsock.h>
#include <stdio.h>

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/rand.h>

char sname[1024];
char iname[1024];
char peerCN[1024];

struct sockaddr_in RemoteAddress;

main()
{
BIO *conn;
SSL *servercon;
SSL_CTX *ssl_ctx;
SOCKET ThisSocket;
int fd_width;
int i;
X509 *peer;
SSL_METHOD *method;

WORD wVersionRequested;
WSADATA wsaData;
int err;

wVersionRequested = MAKEWORD( 2, 2 );

err = WSAStartup( wVersionRequested, &wsaData );
if ( err != 0 ) {
/* Tell the user that we could not find a usable */
/* WinSock DLL. */
return 0;
}

SSL_library_init();
SSL_load_error_strings();

ERR_load_crypto_strings();

conn = BIO_new(BIO_s_connect());
if (conn == NULL) {
printf("BIO_new() failed\n");
exit(0);
}

method = SSLv3_client_method();
if (method == NULL) {
printf("SSLv3_client_method() failed\n");
exit(0);
}

i = RAND_load_file(".rnd", 0x100000);

ssl_ctx = SSL_CTX_new(method);
if (ssl_ctx == NULL) {
printf("SSL_CTX_new() failed\n");
exit(0);
}

SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, "");

if (SSL_CTX_set_cipher_list(ssl_ctx, "RC4-SHA") <= 0) {
printf("SSL_CTX_set_cipher_list() failed\n");
exit(0);
}

servercon = SSL_new(ssl_ctx);
if (servercon == NULL) {
printf("SSL_new() failed\n");
exit(0);
}

SSL_set_connect_state(servercon);
SSL_set_bio(servercon, conn, conn);

ThisSocket = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
WSAAsyncSelect(ThisSocket, 0, (WM_USER + 101), 63);
RemoteAddress.sin_addr.s_net = 192;
RemoteAddress.sin_addr.s_host = 138;
RemoteAddress.sin_addr.s_lh = 179;
RemoteAddress.sin_addr.s_impno = 221;

RemoteAddress.sin_family = AF_INET; //Make connected true
RemoteAddress.sin_port = htons(7777);
i = connect(ThisSocket, &RemoteAddress, sizeof(RemoteAddress));

fd_width = SSL_set_fd(servercon, ThisSocket) + 1;

i = SSL_connect(servercon);
if ( i < 0) {
printf("SSL_connect() failed\n");
exit(0);
}

peer = SSL_get_peer_certificate(servercon);
if (peer != NULL) {
memset(sname, 0, sizeof(sname));
X509_NAME_oneline(X509_get_subject_name(peer), sname, 400);

memset(iname, 0, sizeof(iname));
X509_NAME_oneline(X509_get_issuer_name(peer), iname, 400);

memset(peerCN, 0, sizeof(peerCN));
X509_NAME_get_text_by_NID(X509_get_subject_name(peer), 13,
peerCN, 256);
}

SSL_free(servercon);
SSL_CTX_free(ssl_ctx);
return 1;
}

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [hidden email]
Automated List Manager [hidden email]

Rich Salz via RT

Re: [openssl.org #1087] Memory leak - OpenSSL 0.9.7g

Karim Sharif via RT wrote:
> Hello,
>
> I would like to report a memory leak in SSL_connect(). Following code
> sample was check for memory leaks
> using "Purify" and show a 13K leak in SSL_connect().

did you read the "* I think I've detected a memory leak, is this a bug?"
item in the FAQ ?

Didn't purify give you a somewhat more precise description where
the mem leak is ?

...

> peer = SSL_get_peer_certificate(servercon);
> if (peer != NULL) {
> memset(sname, 0, sizeof(sname));
> X509_NAME_oneline(X509_get_subject_name(peer), sname, 400);
>
> memset(iname, 0, sizeof(iname));
> X509_NAME_oneline(X509_get_issuer_name(peer), iname, 400);
>
> memset(peerCN, 0, sizeof(peerCN));
> X509_NAME_get_text_by_NID(X509_get_subject_name(peer), 13,
> peerCN, 256);
> }
>
> SSL_free(servercon);
> SSL_CTX_free(ssl_ctx);

at least a "X509_free(peer);" is missing here, as SSL_get_peer_certificate
increases the reference counter of the X509 object.

> return 1;
> }

Cheers,
Nils

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [hidden email]
Automated List Manager [hidden email]

Rich Salz via RT

RE: [openssl.org #1087] Memory leak - OpenSSL 0.9.7g

In reply to this post by Rich Salz via RT

Thank you so much for your help.
"X509_free(peer);" was the solution.

Please consider this case closed.

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Nils Larsch via
RT
Sent: Tuesday, May 31, 2005 4:17 PM
To: Karim Sharif
Cc: [hidden email]
Subject: Re: [openssl.org #1087] Memory leak - OpenSSL 0.9.7g

Karim Sharif via RT wrote:
> Hello,
>
> I would like to report a memory leak in SSL_connect(). Following code
> sample was check for memory leaks using "Purify" and show a 13K leak
> in SSL_connect().

did you read the "* I think I've detected a memory leak, is this a bug?"
item in the FAQ ?

Didn't purify give you a somewhat more precise description where the mem
leak is ?

...

at least a "X509_free(peer);" is missing here, as
SSL_get_peer_certificate increases the reference counter of the X509
object.

> return 1;
> }

Cheers,
Nils

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [hidden email]
Automated List Manager [hidden email]