
Fix a BIO leak when verifying SSL certificates or calling get_peer_cert. #403

Merged
merged 1 commit into from about 1 year ago

Nelson Elhage

You can verify this with a modification of the trivial start_tls example program. Prior to this patch, the following program's memory usage will grow unboundedly.

require 'eventmachine'

module Handler
  def post_init
    puts "Starting TLS"
    start_tls
  end

  def ssl_handshake_completed
    puts "Connected. Cert:"
    puts get_peer_cert
    loop { get_peer_cert }
  end

  def unbind
    EventMachine::stop_event_loop
  end
end

EventMachine.run do
  EventMachine.connect "mail.google.com", 443, Handler
end
Iñaki Baz Castillo

Good catch! I've applied it in EM-LE:

ibc@0e43c99

Aman Gupta tmm1 merged commit 016800f into from February 19, 2013
Aman Gupta tmm1 closed this February 19, 2013
2  ext/rubymain.cpp
@@ -332,7 +332,7 @@ static VALUE t_get_peer_cert (VALUE self, VALUE signature)
332 332
 		BIO_get_mem_ptr(out, &buf);
333 333
 		ret = rb_str_new(buf->data, buf->length);
334 334
 		X509_free(cert);
335  
-		BUF_MEM_free(buf);
  335
+		BIO_free(out);
336 336
 	}
337 337
 	#endif
338 338
 
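Review bot: `rb_str_new(buf->data, buf->length)` sits before both cleanup calls, so if that allocation raises, control leaves `t_get_peer_cert` without reaching `X509_free(cert)` or the new `BIO_free(out)`, and the leak this patch targets remains on that error path. Consider building the string under `rb_protect`, or at least noting the limitation in a comment. A one-line comment that `BIO_free(out)` also releases the `BUF_MEM` behind `buf` (a memory BIO's default close flag is `BIO_CLOSE`) would also keep someone from re-adding `BUF_MEM_free(buf)` next to it and turning the leak into a double free.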
2  ext/ssl.cpp
@@ -459,7 +459,7 @@ extern "C" int ssl_verify_wrapper(int preverify_ok, X509_STORE_CTX *ctx)
459 459
 
460 460
 	ConnectionDescriptor *cd = dynamic_cast <ConnectionDescriptor*> (Bindable_t::GetObject(binding));
461 461
 	result = (cd->VerifySslPeer(buf->data) == true ? 1 : 0);
462  
-	BUF_MEM_free(buf);
  462
+	BIO_free(out);
463 463
 
464 464
 	return result;
465 465
 }
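Review bot: the `dynamic_cast` result `cd` is dereferenced on the very next line without a null check, so if `Bindable_t::GetObject(binding)` returns nothing or an object that is not a `ConnectionDescriptor`, `cd->VerifySslPeer(...)` crashes inside the verify callback. Suggest failing closed: when `cd` is null, call `BIO_free(out)` and return 0. Separately, `buf->data` is passed without its length, so it is worth confirming above this hunk that a terminating NUL was written to the BIO, since the visible lines do not show it.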