unable to free PROXY_CERT_INFO_EXTENSION

unable to free PROXY_CERT_INFO_EXTENSION

Matt Rodriguez
I can't seem to get rid of a memory leak when I create a proxyCertInfo
extension. I've tried calling X509_EXTENSION_free, and then
X509_EXT_cleanup. I don't think I need to do that because it is not a
custom extension. I'm using openssl-0.9.8a.

Here's what I've discovered so far.

The X509_EXTENSION_free is a macro that is defined by
IMPLEMENT_ASN1_FUNCTIONS. This gives you functions to encode, decode,
allocate and deallocate an ASN1 structure. With gdb I can see it stepping
through ASN1_item_free, but I don't know why that isn't freeing the memory.

Thanks,
Matt Rodriguez

#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
static char * pci_value = "critical, language:Inherit all";

int
main(int argc, char **argv){
        X509_EXTENSION *ext = NULL;
        X509V3_CTX ctx; /* real storage: X509V3_set_conf_lhash writes through its ctx argument */
        LHASH *lhash;
        SSL_library_init();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_algorithms();
        SSL_load_error_strings();
        lhash = lh_new(NULL, NULL);
        X509V3_set_conf_lhash(&ctx, lhash);
        ext = X509V3_EXT_conf(NULL, &ctx, "proxyCertInfo", pci_value);
        if (ext == NULL){
                ERR_print_errors_fp(stderr);
                exit(-1);
        }
        X509V3_EXT_print_fp(stdout, ext, 0, 0);
        X509_EXTENSION_free(ext);
        X509V3_EXT_cleanup();
        /*PROXY_CERT_INFO_EXTENSION_free(ext);*/
        return 0;
}

Re: unable to free PROXY_CERT_INFO_EXTENSION

Richard Levitte - VMS Whacker
In message <[hidden email]> on Fri, 02 Dec 2005 12:09:14 -0800, Matthew Rodriguez DSD staff <[hidden email]> said:

MKRodriguez> I can't seem to get rid of a memory leak when I create a
MKRodriguez> proxyCertInfo extension. I've tried calling
MKRodriguez> X509_EXTENSION_free, and then X509_EXT_cleanup. I don't
MKRodriguez> think I need to do that because it is not a custom
MKRodriguez> extension, I'm using openssl-0.9.8a.

Have you tried PROXY_CERT_INFO_EXTENSION_free() ?

Cheers,
Richard

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: unable to free PROXY_CERT_INFO_EXTENSION

Matt Rodriguez
Richard Levitte - VMS Whacker wrote:

>In message <[hidden email]> on Fri, 02 Dec 2005 12:09:14 -0800, Matthew Rodriguez DSD staff <[hidden email]> said:
>
>MKRodriguez> I can't seem to get rid of a memory leak when I create a
>MKRodriguez> proxyCertInfo extension. I've tried calling
>MKRodriguez> X509_EXTENSION_free, and then X509_EXT_cleanup. I don't
>MKRodriguez> think I need to do that because it is not a custom
>MKRodriguez> extension, I'm using openssl-0.9.8a.
>
>Have you tried PROXY_CERT_INFO_EXTENSION_free() ?
>
>Cheers,
>Richard
>
>  
>
I get a segmentation fault when I try and do a
PROXY_CERT_INFO_EXTENSION_free.
Here is the stack trace.

Program received signal SIGSEGV, Segmentation fault.
0x400de99e in ASN1_primitive_free (pval=0x103, it=0x40143b70) at tasn_fre.c:237
237                     if ((utype != V_ASN1_BOOLEAN) && !*pval)
(gdb) bt
#0  0x400de99e in ASN1_primitive_free (pval=0x103, it=0x40143b70)
    at tasn_fre.c:237
#1  0x400de5c7 in asn1_item_combine_free (pval=0x103, it=0x40143b70, combine=0)
    at tasn_fre.c:103
#2  0x400de8f2 in ASN1_template_free (pval=0x103, tt=0x401472b4)
    at tasn_fre.c:202
#3  0x400de7fb in asn1_item_combine_free (pval=0x8054d04, it=0x40144218,
    combine=0) at tasn_fre.c:172
#4  0x400de8f2 in ASN1_template_free (pval=0x8054d04, tt=0x401472f4)
    at tasn_fre.c:202
#5  0x400de7fb in asn1_item_combine_free (pval=0xbfffead0, it=0x40144234,
    combine=0) at tasn_fre.c:172
#6  0x400de4ef in ASN1_item_free (val=0x8054d00, it=0x40144234)
    at tasn_fre.c:71
#7  0x401048ca in PROXY_CERT_INFO_EXTENSION_free (a=0x8054d00) at v3_pcia.c:55
#8  0x080488a5 in main (argc=1, argv=0xbfffebb4) at x509_ext.c:25
(gdb)

I'll have to step through these 2 cases more carefully. I see that
X509_EXTENSION_free and PROXY_CERT_INFO_EXTENSION_free both go through the
ASN1_item_free and ASN1_item_combine_free, but somewhere after that they go
through different codepaths.

Matt                                      

#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/ssl.h>
static char * pci_value = "critical, language:Inherit all";

int
main(int argc, char **argv){
        X509_EXTENSION *ext = NULL;
        X509V3_CTX ctx; /* real storage: X509V3_set_conf_lhash writes through its ctx argument */
        LHASH *lhash;
        SSL_library_init();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_algorithms();
        SSL_load_error_strings();
        lhash = lh_new(NULL, NULL);
        X509V3_set_conf_lhash(&ctx, lhash);
        ext = X509V3_EXT_conf(NULL, &ctx, "proxyCertInfo", pci_value);
        if (ext == NULL){
                ERR_print_errors_fp(stderr);
                exit(-1);
        }
        X509V3_EXT_print_fp(stdout, ext, 0, 0);
        X509_EXTENSION_free(ext);
        /*X509V3_EXT_cleanup();
        PROXY_CERT_INFO_EXTENSION_free((PROXY_CERT_INFO_EXTENSION *)ext); */
        return 0;
}

Re: unable to free PROXY_CERT_INFO_EXTENSION

Dr. Stephen Henson
On Mon, Dec 05, 2005, Matthew Rodriguez DSD staff wrote:

>
> I'll have to step through these 2 cases more carefully. I see that
> X509_EXTENSION_free
> and PROXY_CERT_INFO_EXTENSION_free both go through the ASN1_item free,
> and ASN1_item_combine_free
> but somewhere after that they go through different codepaths.
>

Well this:

> PROXY_CERT_INFO_EXTENSION_free((PROXY_CERT_INFO_EXTENSION *)ext); */

will crash because 'ext' isn't a pointer to a PROXY_CERT_INFO_EXTENSION
structure.

I notice you are doing:

> lhash = lh_new(NULL, NULL);

have you tried lh_free()? In fact you don't need an LHASH for this type of
extension in the way you use it so you should be able to pass it as NULL. In
fact you can avoid X509V3_CTX as well and pass that as NULL.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: unable to free PROXY_CERT_INFO_EXTENSION

Matt Rodriguez
Dr. Stephen Henson wrote:

>On Mon, Dec 05, 2005, Matthew Rodriguez DSD staff wrote:
>
>  
>
>>I'll have to step through these 2 cases more carefully. I see that
>>X509_EXTENSION_free
>>and PROXY_CERT_INFO_EXTENSION_free both go through the ASN1_item free,
>>and ASN1_item_combine_free
>>but somewhere after that they go through different codepaths.
>>
>>    
>>
>
>Well this:
>
>  
>
>> PROXY_CERT_INFO_EXTENSION_free((PROXY_CERT_INFO_EXTENSION *)ext); */
>>    
>>
>
>will crash because 'ext' isn't a pointer to a PROXY_CERT_INFO_EXTENSION
>structure.
>
>I notice you are doing:
>
>  
>
>> lhash = lh_new(NULL, NULL);
>>    
>>
>
>have you tried lh_free()? In fact you don't need an LHASH for this type of
>extension in the way you use it so you should be able to pass it as NULL. In
>fact you can avoid X509V3_CTX as well and pass that as NULL.
>  
>
I tried that first, but I also get a segmentation fault when I pass the ctx in
as NULL.

Here is the backtrace of that.
0x400fa6a6 in do_ext_nconf (conf=0xbfffea20, ctx=0x0, ext_nid=663, crit=1,
    value=0x80489d2 "language:Inherit all") at v3_conf.c:154
154                     if(!ctx->db || !ctx->db_meth)
(gdb) bt
#0  0x400fa6a6 in do_ext_nconf (conf=0xbfffea20, ctx=0x0, ext_nid=663, crit=1,
    value=0x80489d2 "language:Inherit all") at v3_conf.c:154
#1  0x400fa3fb in X509V3_EXT_nconf (conf=0xbfffea20, ctx=0x0,
    name=0x80489e7 "proxyCertInfo", value=0x80489d2 "language:Inherit all")
    at v3_conf.c:90
#2  0x400fb152 in X509V3_EXT_conf (conf=0x0, ctx=0x0,
    name=0x80489e7 "proxyCertInfo",
    value=0x80489c8 "critical, language:Inherit all") at v3_conf.c:462
#3  0x08048849 in main (argc=1, argv=0xbfffeb04) at x509_ext.c:17

The extension method that is retrieved in the do_ext_nconf function only has
i2r and r2i methods. The context is checked for a db or a db_meth; since it is
NULL we get a segfault.

Matt

>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk

Re: unable to free PROXY_CERT_INFO_EXTENSION

Dr. Stephen Henson
On Mon, Dec 05, 2005, Matthew Rodriguez DSD staff wrote:

> Dr. Stephen Henson wrote:
>
> >
> >have you tried lh_free()? In fact you don't need an LHASH for this type of
> >extension in the way you use it so you should be able to pass it as NULL.
> >In
> >fact you can avoid X509V3_CTX as well and pass that as NULL.
> >
> >
> I tried that first, but I also get a segmentation fault when I pass the ctx in
> as NULL.
>

Did you also try lh_free()?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk

Re: unable to free PROXY_CERT_INFO_EXTENSION

Richard Levitte - VMS Whacker
In reply to this post by Matt Rodriguez
In message <[hidden email]> on Mon, 05 Dec 2005 11:43:40 -0800, Matthew Rodriguez DSD staff <[hidden email]> said:

MKRodriguez> #include <openssl/x509v3.h>
MKRodriguez> #include <openssl/err.h>
MKRodriguez> #include <openssl/ssl.h>
MKRodriguez> static char * pci_value = "critical, language:Inherit all";
MKRodriguez>
MKRodriguez> int
MKRodriguez> main(int argc, char **argv){
MKRodriguez> X509_EXTENSION *ext =NULL;
MKRodriguez> X509V3_CTX *ctx;
MKRodriguez> LHASH *lhash;
MKRodriguez> SSL_library_init();
MKRodriguez> OpenSSL_add_all_ciphers();
MKRodriguez> OpenSSL_add_all_algorithms();
MKRodriguez> SSL_load_error_strings();
MKRodriguez> lhash = lh_new(NULL, NULL);
MKRodriguez>     X509V3_set_conf_lhash(ctx, lhash);
MKRodriguez> ext = X509V3_EXT_conf(NULL, ctx, "proxyCertInfo", pci_value);

As Stephen already noticed, ext isn't a PROXY_CERT_INFO_EXTENSION*.
To get that, you need to do the following:

   PROXY_CERT_INFO_EXTENSION *pci;

   /* ... */

   pci = X509V3_EXT_d2i(ext);

MKRodriguez> if (ext == NULL){
MKRodriguez>         ERR_print_errors_fp(stderr);
MKRodriguez> exit(-1);
MKRodriguez> }
MKRodriguez>     X509V3_EXT_print_fp(stdout, ext, 0, 0);
MKRodriguez>     X509_EXTENSION_free(ext);
MKRodriguez> /*X509V3_EXT_cleanup();
MKRodriguez> PROXY_CERT_INFO_EXTENSION_free((PROXY_CERT_INFO_EXTENSION *)ext); */

And of course, freeing an X509_EXTENSION with a routine to free a
PROXY_CERT_INFO_EXTENSION won't work.  Two different structures!
Plus, you have already free'd ext!

MKRodriguez> return 0;
MKRodriguez> }

Cheers,
Richard

--
Richard Levitte                         [hidden email]
                                        http://richard.levitte.org/

"When I became a man I put away childish things, including
 the fear of childishness and the desire to be very grown up."
                                                -- C.S. Lewis
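
The point made in the reply above, that the extension and the decoded proxyCertInfo are two different structures with separate free routines, shown as an added stand-alone C model (not OpenSSL code and not from any poster in this thread). The names toy_ext, toy_pci, toy_ext_d2i and the allocation counter are hypothetical, and SAMPLE_DER is a constructed DER encoding of a ProxyCertInfo value whose policy language is id-ppl-inheritAll, with no path length constraint.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for X509_EXTENSION and PROXY_CERT_INFO_EXTENSION. */
typedef struct { unsigned char *der; size_t len; } toy_ext;      /* encoded bytes only */
typedef struct { unsigned char *lang_oid; size_t lang_len; } toy_pci;  /* decoded form */
static int live_allocs;                       /* outstanding allocations */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Constructed sample: ProxyCertInfo { ProxyPolicy { OID 1.3.6.1.5.5.7.21.1 } } */
static const unsigned char SAMPLE_DER[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x08,
    0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x15, 0x01 };

toy_ext *toy_ext_new(const unsigned char *der, size_t len) {
    toy_ext *e = xalloc(sizeof *e);
    if (e == NULL) return NULL;
    if ((e->der = xalloc(len)) == NULL) { xfree(e); return NULL; }
    memcpy(e->der, der, len); e->len = len;
    return e;
}
void toy_ext_free(toy_ext *e) { if (e) { xfree(e->der); xfree(e); } }
void toy_pci_free(toy_pci *p) { if (p) { xfree(p->lang_oid); xfree(p); } }

/* Consume one short-form TLV header; 0 on a wrong tag or truncated input. */
static int tlv(const unsigned char **p, size_t *left, unsigned char tag, size_t *len) {
    if (*left < 2 || (*p)[0] != tag || (*p)[1] >= 0x80 || (*p)[1] > *left - 2) return 0;
    *len = (*p)[1]; *p += 2; *left -= 2;
    return 1;
}

/* Decode into a NEW object; the caller frees it and e separately. */
toy_pci *toy_ext_d2i(const toy_ext *e) {
    const unsigned char *p = e->der;
    size_t left = e->len, n;
    toy_pci *pci;
    if (!tlv(&p, &left, 0x30, &n) || n != left) return NULL;   /* ProxyCertInfo  */
    if (!tlv(&p, &left, 0x30, &n) || n != left) return NULL;   /* ProxyPolicy    */
    if (!tlv(&p, &left, 0x06, &n) || n == 0) return NULL;      /* policyLanguage */
    if ((pci = xalloc(sizeof *pci)) == NULL) return NULL;
    if ((pci->lang_oid = xalloc(n)) == NULL) { xfree(pci); return NULL; }
    memcpy(pci->lang_oid, p, n); pci->lang_len = n;
    return pci;
}

int main(void) {
    toy_ext *ext = toy_ext_new(SAMPLE_DER, sizeof SAMPLE_DER);
    toy_pci_free(ext ? toy_ext_d2i(ext) : NULL);  /* decoded object: its own free */
    toy_ext_free(ext);                            /* wrapper: its own free        */
    return live_allocs;                           /* 0 when nothing leaked        */
}
```

Because the wrapper stores only bytes, a pointer to it cannot be cast to the decoded type; the decoded object exists only after the decode call and stays valid after the wrapper is freed.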

Re: unable to free PROXY_CERT_INFO_EXTENSION

Matt Rodriguez
In reply to this post by Dr. Stephen Henson
Dr. Stephen Henson wrote:

Yes, I tried lh_free. I call lh_free before I call EXTENSION_free. Using
valgrind I still see a memory leak. It seems that in the r2i_pci call there
is a PROXY_CERT_INFO_EXTENSION_new call. This memory is not being freed
elsewhere. I don't see how the LHASH memory is related to the memory
allocated in the PROXY_CERT_INFO_EXTENSION_new call. If they are related,
let me know.

8 bytes in 1 blocks are definitely lost in loss record 1 of 3
==15976== at 0x1B9008D9: malloc (vg_replace_malloc.c:149)
==15976== by 0x1B93A280: default_malloc_ex (mem.c:79)
==15976== by 0x1B93A907: CRYPTO_malloc (mem.c:304)
==15976== by 0x1B9C9F68: asn1_item_ex_combine_new (tasn_new.c:191)
==15976== by 0x1B9CA280: ASN1_template_new (tasn_new.c:302)
==15976== by 0x1B9C9FF5: asn1_item_ex_combine_new (tasn_new.c:201)
==15976== by 0x1B9C9CA8: ASN1_item_ex_new (tasn_new.c:85)
==15976== by 0x1B9C9C74: ASN1_item_new (tasn_new.c:76)
==15976== by 0x1B9F089C: PROXY_CERT_INFO_EXTENSION_new (v3_pcia.c:55)
==15976== by 0x1B9F13EE: r2i_pci (v3_pci.c:283)
==15976== by 0x1B9E66F7: do_ext_nconf (v3_conf.c:159)
==15976== by 0x1B9E63FA: X509V3_EXT_nconf (v3_conf.c:90)

I have 2 questions.

1. Should I be able to create a proxyCertInfo extension by making this call?
static char * pci_value = "critical, language:Inherit all";
ext = X509V3_EXT_conf(NULL, NULL, "proxyCertInfo", pci_value);

That is, passing in NULL for the ctx and the LHASH object. I claim that if I
do this, that causes a segmentation fault. Has anybody else seen this
behavior?

2. If I create a proxyCertInfo extension using the X509V3_EXT_conf call,
should I be able to free the memory using only an X509_EXTENSION_free call?
Since I did not call PROXY_CERT_INFO_EXTENSION_new, I don't think I should
have to call PROXY_CERT_INFO_EXTENSION_free.

Thanks,
Matt Rodriguez

>On Mon, Dec 05, 2005, Matthew Rodriguez DSD staff wrote:
>
>  
>
>>Dr. Stephen Henson wrote:
>>
>>    
>>
>>>have you tried lh_free()? In fact you don't need an LHASH for this type of
>>>extension in the way you use it so you should be able to pass it as NULL.
>>>In
>>>fact you can avoid X509V3_CTX as well and pass that as NULL.
>>>
>>>
>>>      
>>>
>>I tried that first, but I also get a segmentation fault when I pass the ctx in
>>as NULL.
>>
>>    
>>
>
>Did you also try lh_free()?
>
>Steve.
>--
>Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
>OpenSSL project core developer and freelance consultant.
>Funding needed! Details on homepage.
>Homepage: http://www.drh-consultancy.demon.co.uk