Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WolfSSL memory leak #6616

gvanem opened this issue Feb 17, 2021 · 0 comments

WolfSSL memory leak #6616

gvanem opened this issue Feb 17, 2021 · 0 comments


Copy link

gvanem commented Feb 17, 2021

I did this

  • Build everything with MSVC-2019 (Release) from a fresh git pull 2 hours and with:

  • Added these env-vars:

    • c:\> set CURL_SSL_BACKEND=wolfssl and
    • c:\> set CURL_MEMDEBUG=f:\gv\tmp\memdebug.curl
  • Commented out random-file and cacert in my %APPDATA%/curlrc and then ran some curl commands with
    perl test/ in between:

curl.exe -oNUL

At df4f480, there's 36 bytes. 
 allocated by vtls/vtls.c:165
At dfe0980, there's 15 bytes.
 allocated by vtls/vtls.c:510 

curl.exe -oNUL --random-file f:\gv\tmp\.rand:

At da03928, there's 36 bytes.
 allocated by vtls/vtls.c:165
At e080490, there's 10 bytes.
 allocated by vtls/vtls.c:510
At e080580, there's 16 bytes.
 allocated by vtls/vtls.c:167

Definitely an issue with CLONE_STRING(random_file). Not sure about the 2 others.

It seems Curl_free_primary_ssl_config() isn't always called for WolfSSL. Not sure how that should happen since the comment in vtls/wolfssl.c:

  static void wolfssl_session_free(void *ptr)
    /* wolfSSL reuses sessions on own, no free */

made me wonder if the leak was caused by WolfSSL (I think not).

I expected the following

A perl test/ to report no memory leaks.

curl/libcurl version

curl 7.76.0-DEV (i386-pc-win32) libcurl/7.76.0-DEV wolfSSL/4.5.0 (mbedTLS/2.25.0) (OpenSSL/3.0.0) (Schannel (crustls/0.2.0/rustls/0.19.0) zlib/1.2.11 brotli/1.0.0 zstd/1.4.4 c-ares/1.17.0 WinIDN libssh2/1.9.0_DEV librtmp/2.3 Hyper/0.14.2
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Debug HTTP2 IDN IPv6 Kerberos Largefile MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP TrackMemory UnixSocket s alt-svc brotli libz zstd

operating system

Windows-10, 20H2 (Build 19042.802).

@bagder bagder self-assigned this Feb 17, 2021
bagder added a commit that referenced this issue Feb 17, 2021
This caused a memory leak as the session id cache entry was still
erroneously stored with a NULL sessionid and that would later be treated
as not needed to get freed.

Reported-by: Gisle Vanem
Fixes #6616
@bagder bagder closed this as completed in bc928be Feb 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Successfully merging a pull request may close this issue.

2 participants