New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memory leak in X509 certificate validation #237

szsobocinski opened this Issue Aug 8, 2016 · 1 comment


None yet
2 participants

szsobocinski commented Aug 8, 2016

I get following Valgrind output from an application utilizing libmosquitto:
==9472== 265 (32 direct, 233 indirect) bytes in 1 blocks are definitely lost in loss record 588 of 638
==9472== at 0x4C2BBCF: malloc (in /usr/lib/valgrind/
==9472== by 0x5103E77: CRYPTO_malloc (in /lib/x86_64-linux-gnu/
==9472== by 0x51BA7AE: sk_new (in /lib/x86_64-linux-gnu/
==9472== by 0x51E2402: ??? (in /lib/x86_64-linux-gnu/
==9472== by 0x51E255B: ??? (in /lib/x86_64-linux-gnu/
==9472== by 0x51E1736: ASN1_item_ex_d2i (in /lib/x86_64-linux-gnu/
==9472== by 0x51E206A: ASN1_item_d2i (in /lib/x86_64-linux-gnu/
==9472== by 0x5200703: X509V3_EXT_d2i (in /lib/x86_64-linux-gnu/
==9472== by 0x45CDB6: _mosquitto_verify_certificate_hostname (in /tmp/build/DCe.x86_64-generic-linux.Debug/sample)
==9472== by 0x45CC59: _mosquitto_server_certificate_verify (in /tmp/build/DCe.x86_64-generic-linux.Debug/sample)
==9472== by 0x51F5BC4: ??? (in /lib/x86_64-linux-gnu/
==9472== by 0x51F77C1: X509_verify_cert (in /lib/x86_64-linux-gnu/

It seems that in
int _mosquitto_verify_certificate_hostname(X509 *cert, const char *hostname)
san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); allocates memory to san that is never freed.

ralight added a commit that referenced this issue Aug 8, 2016

[237] Fix memory leak when verifying a server certificate.
Only for certificates with a subjectAltName. Closes #237.

Thanks to MrSaturday.

Bug: #237

This comment has been minimized.

Show comment
Hide comment

ralight Aug 8, 2016


Thanks very much, this should fix it.


ralight commented Aug 8, 2016

Thanks very much, this should fix it.

@ralight ralight closed this Aug 8, 2016

@ralight ralight added this to the Fixes-next milestone Aug 8, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment