SChannel: mem-leaks on failed InitializeSecurityContext() #7877

gvanem opened this issue Oct 19, 2021 · 2 comments


gvanem commented Oct 19, 2021

When building with -DCURLDEBUG=1, there are some leaks in vtls/schannel.c
on abnormal protocol handshake situations. One is caused by the failure here.

Verified with this <curl_root>\src\schannel-leak-test.bat file:

@echo off
set CURL_SSL_BACKEND=schannel
curl.exe -vL
perl ..\tests\ -v c:\temp\memdebug.curl

Running it results in:


* STATE: PROTOCONNECT => PROTOCONNECTING handle 0xc7a5aa0; line 2000 (connection #1)
* schannel: SSL/TLS connection with port 443 (step 2/3)
* schannel: encrypted data got 494
* schannel: encrypted data buffer: offset 494 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) -
  Tokenet som ble levert til funksjonen, er ugyldig == "The token supplied to the function is invalid ".

* multi_done
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
* The cache now contains 1 members
* Closing connection 1
* Expire cleared (transfer 0xc7a5aa0)

Leak detected: memory still allocated: 8232 bytes
At c7ebae8, there's 4096 bytes.
 allocated by vtls/schannel.c:1060
At 48a6aa0, there's 24 bytes.
 allocated by vtls/schannel.c:708
At c7e9438, there's 16 bytes.
 allocated by vtls/schannel.c:935
At c7eaad0, there's 4096 bytes.
 allocated by vtls/schannel.c:1048

And using wget (w/OpenSSL) gives:

<title>301 Moved Permanently</title>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="">here</a>.</p>
<address>Apache/2.4.46 (Debian) Server at Port 80</address>
SSL handshake failed.
OpenSSL: error:0A00010B:SSL routines::wrong version number

Some misconfigured web-server?


gvanem commented Oct 19, 2021

The above .bat file needs a fix:

@echo off
set CURL_SSL_BACKEND=schannel
set CURL_MEMDEBUG=%TEMP%\memdebug.curl
set URL=
curl.exe -vL %URL%
echo -----------------------------------------------
perl ..\tests\ -v %CURL_MEMDEBUG%


jay commented Nov 2, 2021

Thanks. I used some of the code from #7878 and gave you Co-authored-by credit.
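
The bug class reported in this issue, shown as an added illustration that is not curl's `vtls/schannel.c` code: state allocated for a handshake is abandoned when a later step fails, and a byte-counting allocator (a stand-in for the `-DCURLDEBUG=1` memory log) exposes it. All names are hypothetical; the four sizes come from the leak report above, and what each allocation holds is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Byte counter standing in for a CURLDEBUG-style allocation log. */
static size_t outstanding;
static void *t_alloc(size_t n) {
  void *p = malloc(n);
  if (p) outstanding += n;
  return p;
}
static void t_free(void *p, size_t n) { if (p) { outstanding -= n; free(p); } }

/* Hypothetical per-connection TLS state (not curl's struct). */
struct tls_state { void *cred, *ctxt, *enc_buf, *dec_buf; };

static void tls_release(struct tls_state *s) {
  t_free(s->dec_buf, 4096); t_free(s->enc_buf, 4096);
  t_free(s->ctxt, 16);      t_free(s->cred, 24);
  s->cred = s->ctxt = s->enc_buf = s->dec_buf = NULL;
}

/* Stand-in for a security-context call that rejects the peer's token. */
static int handshake_step(int bad_peer) { return bad_peer ? -1 : 0; }

/* Returns 0 on success, -1 on failure. cleanup_on_error selects the fix. */
static int tls_connect(struct tls_state *s, int bad_peer, int cleanup_on_error) {
  s->cred = t_alloc(24);      s->ctxt = t_alloc(16);
  s->enc_buf = t_alloc(4096); s->dec_buf = t_alloc(4096);
  if (!s->cred || !s->ctxt || !s->enc_buf || !s->dec_buf ||
      handshake_step(bad_peer) != 0) {
    if (cleanup_on_error) tls_release(s); /* fixed: free before returning */
    return -1;                            /* leaky: state is abandoned */
  }
  return 0;
}

/* Bytes still allocated after one failed handshake. */
size_t leaked_after_failed_handshake(int cleanup_on_error) {
  struct tls_state s = {0};
  outstanding = 0;
  (void)tls_connect(&s, 1, cleanup_on_error);
  size_t leaked = outstanding;
  tls_release(&s); /* demo tidy-up; a no-op when already released */
  return leaked;
}

int main(void) {
  printf("leaky: %zu bytes\n", leaked_after_failed_handshake(0));
  printf("fixed: %zu bytes\n", leaked_after_failed_handshake(1));
  return 0;
}
```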
