memory leak in X509 certificate validation #237

Closed
MrSaturday opened this Issue Aug 8, 2016 · 1 comment

Projects

None yet

2 participants

@MrSaturday
MrSaturday commented Aug 8, 2016 edited

I get following Valgrind output from an application utilizing libmosquitto:
==9472== 265 (32 direct, 233 indirect) bytes in 1 blocks are definitely lost in loss record 588 of 638
==9472== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9472== by 0x5103E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x51BA7AE: sk_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x51E2402: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x51E255B: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x51E1736: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x51E206A: ASN1_item_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x5200703: X509V3_EXT_d2i (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x45CDB6: _mosquitto_verify_certificate_hostname (in /tmp/build/DCe.x86_64-generic-linux.Debug/sample)
==9472== by 0x45CC59: _mosquitto_server_certificate_verify (in /tmp/build/DCe.x86_64-generic-linux.Debug/sample)
==9472== by 0x51F5BC4: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==9472== by 0x51F77C1: X509_verify_cert (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)

It seems that in
lib/tls_mosq.c
int _mosquitto_verify_certificate_hostname(X509 *cert, const char *hostname)
san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); allocates memory to san that is never freed.

@ralight ralight added a commit that referenced this issue Aug 8, 2016
@ralight ralight [237] Fix memory leak when verifying a server certificate.
Only for certificates with a subjectAltName. Closes #237.

Thanks to MrSaturday.

Bug: #237
79cc06b
@ralight
Contributor
ralight commented Aug 8, 2016

Thanks very much, this should fix it.

@ralight ralight closed this Aug 8, 2016
@ralight ralight added this to the Fixes-next milestone Aug 8, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment