Memory leak #1586
Comments
Will surely have a look and do a PR, but I have used the latest version in this case.

CVE-2019-6502 was assigned to this issue.
Hi @frankmorgner

Hi RootUp. Could you please share how you are triggering/reproducing this leak?
Sure, below steps for your reference.

git clone https://github.com/OpenSC/OpenSC.git
./bootstrap
CC=afl-clang-fast CXX=afl-clang-fast++ ASAN_OPTIONS=symbolize=0 AFL_USE_ASAN=1 ./configure
make
Thanks, that's how to build it, but how do you reliably reproduce the issue?
Hi @sgayou, I can reproduce this issue almost every time.
Thank you for reporting this RootUp. Please see https://bugzilla.redhat.com/show_bug.cgi?id=1668933 for more information. Submitted a pull request 1616 to fix this.

The first issue appears to be a failure to sc_release_context when a card reader isn't found. Instead of just returning -1, cleanup needs to occur first. After that fix, the 632/224 byte leaks are gone, but there are still a few smaller leaks. I believe the secondary leaks are from pcsc-lite and not OpenSC. See this issue: #512.

Overall, I don't think the first issue is a security issue at all. The second may be, but it would be a potential denial of service in pcsc-lite instead of OpenSC (although it would impact OpenSC as a consumer of the library). Interestingly, pcsc-lite doesn't have a CVE assigned for that flaw, which seems a bit more credible. I'd recommend the maintainer REJECT this CVE. Let me know if anyone else has a different opinion on the analysis.
I am now unable to reproduce these "secondary leaks" after testing multiple times. Unclear what I was doing yesterday to cause them, but they're gone now. Tested on versions across various RHEL builds as well as Fedora 29. Patch still seems correct for initial issue. |
CVE-2019-6502 was assigned to what appears to be a very minor memory leak that only occurs on an error-case in a CLI tool. If util_connect_card fails, we still need to release the sc context previously allocated by sc_context_create else memory will leak.
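The error path discussed in the comments above, as an added example that is not OpenSC's own code: the mock_* functions are hypothetical stand-ins for sc_context_create, sc_release_context and util_connect_card, with a live-context counter so the early `return -1` (leaky) and the cleanup-first shape (fixed) can be compared directly.

```c
#include <stdlib.h>

/* Mock stand-ins for sc_context_create / sc_release_context (hypothetical, not
 * the libopensc API); a live counter exposes a context that is never released. */
typedef struct { int dummy; } mock_ctx;
static int live_contexts = 0;

static int mock_context_create(mock_ctx **out)
{
    *out = calloc(1, sizeof **out);
    if (*out == NULL)
        return -1;
    live_contexts++;
    return 0;
}

static void mock_release_context(mock_ctx *c)
{
    free(c);
    live_contexts -= (c != NULL);
}

/* Stand-in for util_connect_card(): fails when no reader is found. */
static int mock_connect_card(mock_ctx *ctx, int reader_present)
{
    (void)ctx;
    return reader_present ? 0 : -1;
}

/* Pre-fix shape of the CLI path: returns -1 straight away, leaking ctx. */
int run_leaky(int reader_present)
{
    mock_ctx *ctx = NULL;
    if (mock_context_create(&ctx) != 0)
        return 1;
    if (mock_connect_card(ctx, reader_present) != 0)
        return -1;                 /* ctx is never released here */
    mock_release_context(ctx);
    return 0;
}

/* Fixed shape: every exit after context creation passes through cleanup. */
int run_fixed(int reader_present)
{
    mock_ctx *ctx = NULL;
    int rc = 1;
    if (mock_context_create(&ctx) != 0)
        return rc;
    rc = (mock_connect_card(ctx, reader_present) != 0) ? -1 : 0;
    mock_release_context(ctx);     /* runs on both success and failure */
    return rc;
}
```

Running the leaky variant with no reader leaves live_contexts at 1, which is exactly what ASAN reports as the leaked sc_context allocation; the fixed variant leaves it at 0 on both paths.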
Hi Team,
I have built this repo using clang via ASAN; a memory leak was detected in eidenv.c.