[openssl.org #4437] invalid free() by ENGINE_cleanup()

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #4437] invalid free() by ENGINE_cleanup()

Rich Salz via RT
Hey,

In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
function. When I do this with OpenSSL from git master as of right now
(OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:

==20314== Invalid free() / delete / delete[] / realloc()
==20314==    at 0x4C2AE6B: free (vg_replace_malloc.c:530)
==20314==    by 0x53AC11: OPENSSL_cleanup (in /home/daniel/src/curl/src/curl)
==20314==    by 0x6D53E07: __run_exit_handlers (in
/lib/x86_64-linux-gnu/libc-2.22.so)
==20314==    by 0x6D53E54: exit (in /lib/x86_64-linux-gnu/libc-2.22.so)
==20314==    by 0x6D3E616: (below main) (in
/lib/x86_64-linux-gnu/libc-2.22.so)
==20314==  Address 0xb5bb990 is 0 bytes inside a block of size 56 free'd
==20314==    at 0x4C2AE6B: free (vg_replace_malloc.c:530)
==20314==    by 0x4861A2: Curl_ossl_cleanup (openssl.c:726)
==20314==    by 0x4381C4: Curl_ssl_cleanup (vtls.c:274)
==20314==    by 0x425D5D: curl_global_cleanup (easy.c:349)
==20314==    by 0x411C50: main_free (tool_main.c:210)
==20314==    by 0x411D05: main (tool_main.c:260)
==20314==  Block was alloc'd at
==20314==    at 0x4C29C0F: malloc (vg_replace_malloc.c:299)
==20314==    by 0x53D97D: CRYPTO_zalloc (in /home/daniel/src/curl/src/curl)
==20314==    by 0x5806E6: CRYPTO_THREAD_lock_new (in
/home/daniel/src/curl/src/curl)
==20314==    by 0x51EC18: do_engine_lock_init (in
/home/daniel/src/curl/src/curl)
==20314==    by 0x6B0F4E8: __pthread_once_slow (pthread_once.c:116)
==20314==    by 0x5807C8: CRYPTO_THREAD_run_once (in
/home/daniel/src/curl/src/curl)
==20314==    by 0x51EC63: ENGINE_new (in /home/daniel/src/curl/src/curl)
==20314==    by 0x611DE5: engine_load_dynamic_internal (in
/home/daniel/src/curl/src/curl)
==20314==    by 0x6B0F4E8: __pthread_once_slow (pthread_once.c:116)
==20314==    by 0x5807C8: CRYPTO_THREAD_run_once (in
/home/daniel/src/curl/src/curl)
==20314==    by 0x53B0E2: OPENSSL_init_crypto (in
/home/daniel/src/curl/src/curl)
==20314==    by 0x486141: Curl_ossl_init (openssl.c:687)

This is fully reproducable and it goes away if I remove the call to
ENGINE_cleanup().

The corresponding curl bug to track this is at
https://github.com/curl/curl/issues/717

--

  / daniel.haxx.se


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4437
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #4437] invalid free() by ENGINE_cleanup()

Matt Caswell-2
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:

Auto deinit automatically calls ENGINE_cleanup() so there is no need to
call it explicitly. The bug here is that ENGINE_cleanup() should really
be a no-op and deprecated in 1.1.0 to prevent double frees occuring.

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|

Re: [openssl.org #4437] invalid free() by ENGINE_cleanup()

Rich Salz via RT
On 17/03/16 10:49, Daniel Stenberg via RT wrote:
> Hey,
>
> In curl we call ENGINE_cleanup() as part of our OpenSSL specific cleanup
> function. When I do this with OpenSSL from git master as of right now
> (OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:

Auto deinit automatically calls ENGINE_cleanup() so there is no need to
call it explicitly. The bug here is that ENGINE_cleanup() should really
be a no-op and deprecated in 1.1.0 to prevent double frees occuring.

Matt


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4437
Please log in as guest with password guest if prompted

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev