crypto: fix memory leaks in cert validation #12089

Closed
wants to merge 1 commit into
from

Conversation

@Nibbler999
Contributor

Nibbler999 commented Mar 28, 2017

The additional validity checks applied to StartCom and WoSign certificates failed to free memory before returning.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • commit message follows [commit guidelines][]
Affected core subsystem(s)

crypto

@gibfahn

This comment has been minimized.

Show comment
Hide comment
Member

gibfahn commented Mar 28, 2017

@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

I will take a look at this right now.

Contributor

shigeki commented Mar 28, 2017

I will take a look at this right now.

@addaleax

This comment has been minimized.

Show comment
Hide comment
@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

@addaleax Probably, yes.

Contributor

shigeki commented Mar 28, 2017

@addaleax Probably, yes.

@seishun

This comment has been minimized.

Show comment
Hide comment
@seishun

seishun Mar 28, 2017

Member

Have we ever considered adding RAII wrappers for such functions to prevent memory leaks in the future?

Member

seishun commented Mar 28, 2017

Have we ever considered adding RAII wrappers for such functions to prevent memory leaks in the future?

@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

The fix is good. I will check the memory usage to see if there is no other memory growth.

Contributor

shigeki commented Mar 28, 2017

The fix is good. I will check the memory usage to see if there is no other memory growth.

@indutny

One minor nit, otherwise LGTM. Good catch!

@@ -2785,8 +2785,12 @@ inline bool CertIsStartComOrWoSign(X509_NAME* name) {
startcom_wosign_data = dn.data;
startcom_wosign_name = d2i_X509_NAME(nullptr, &startcom_wosign_data,
dn.len);
- if (X509_NAME_cmp(name, startcom_wosign_name) == 0)

This comment has been minimized.

@indutny

indutny Mar 28, 2017

Member

Should we just store the result to int cmp and free before the condition test?

@indutny

indutny Mar 28, 2017

Member

Should we just store the result to int cmp and free before the condition test?

@cjihrig

I like @indutny's suggestion.

Tom Atkinson
crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
@Nibbler999

This comment has been minimized.

Show comment
Hide comment
@Nibbler999

Nibbler999 Mar 28, 2017

Contributor

Updated as suggested.

Contributor

Nibbler999 commented Mar 28, 2017

Updated as suggested.

@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

Here are the graph of rss profile up to 100,000 tls.connect to two servers (verify ok and revoked with SmartCom filter). It obviously shows that this fixes the memory leaks.
tls_leaks 001

@Nibbler999 Thanks for finding and fixing this.
A new CI is running on https://ci.nodejs.org/job/node-test-pull-request/7074/.
After it is green, I would like to land this and ask for a new release.
Do we need to wait for 48 hours?

Contributor

shigeki commented Mar 28, 2017

Here are the graph of rss profile up to 100,000 tls.connect to two servers (verify ok and revoked with SmartCom filter). It obviously shows that this fixes the memory leaks.
tls_leaks 001

@Nibbler999 Thanks for finding and fixing this.
A new CI is running on https://ci.nodejs.org/job/node-test-pull-request/7074/.
After it is green, I would like to land this and ask for a new release.
Do we need to wait for 48 hours?

@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

CI results are all green.

Contributor

shigeki commented Mar 28, 2017

CI results are all green.

@indutny

LGTM

@MylesBorins

Rubber Stamp LGTM

CI is green.

@MylesBorins

This comment has been minimized.

Show comment
Hide comment
@MylesBorins

MylesBorins Mar 28, 2017

Member

I vote that we skip 48 hours and land immediately so we can do a v7.x release with this asap. Then we can backport to v4.x and v6.x and get a new release out for LTS ASAP as well

Member

MylesBorins commented Mar 28, 2017

I vote that we skip 48 hours and land immediately so we can do a v7.x release with this asap. Then we can backport to v4.x and v6.x and get a new release out for LTS ASAP as well

@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

Okay, @MylesBorins , @sam-github , @addaleax and I agree it and this have enough approvals. I'll make landing this. [Edited]

Contributor

shigeki commented Mar 28, 2017

Okay, @MylesBorins , @sam-github , @addaleax and I agree it and this have enough approvals. I'll make landing this. [Edited]

shigeki added a commit that referenced this pull request Mar 28, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

@MylesBorins MylesBorins referenced this pull request in nodejs/Release Mar 28, 2017

Closed

Regressions in v4.8.1 and v6.10.1 #193

@shigeki

This comment has been minimized.

Show comment
Hide comment
@shigeki

shigeki Mar 28, 2017

Contributor

Thanks for everyone making reviewing so quickly. Landed in a6f9494.
@Nibbler999 I really appreciate your fix.

@MylesBorins I would like to ask you to prepare new releases.

Contributor

shigeki commented Mar 28, 2017

Thanks for everyone making reviewing so quickly. Landed in a6f9494.
@Nibbler999 I really appreciate your fix.

@MylesBorins I would like to ask you to prepare new releases.

@shigeki shigeki closed this Mar 28, 2017

MylesBorins added a commit that referenced this pull request Mar 28, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

@MylesBorins MylesBorins referenced this pull request Mar 28, 2017

Merged

V7.8.0 proposal #12104

MylesBorins added a commit that referenced this pull request Mar 28, 2017

2017-03-28, Version 7.8.0 (Current)
Notable changes:

* buffer:
  - do not segfault on out-of-range index (Timothy Gu)
    #11927
* crypto:
  - Fix memory leak if certificate is revoked (Tom Atkinson)
    #12089
* deps:
  * upgrade npm to 4.2.0 (Kat Marchán)
    #11389
  * fix async await desugaring in V8 (Michaël Zasso)
    #12004
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    #2982
* src:
  - add native URL class (James M Snell)
    #11801

PR-URL: #12104

MylesBorins added a commit that referenced this pull request Mar 29, 2017

2017-03-28, Version 7.8.0 (Current)
Notable changes:

* buffer:
  - do not segfault on out-of-range index (Timothy Gu)
    #11927
* crypto:
  - Fix memory leak if certificate is revoked (Tom Atkinson)
    #12089
* deps:
  * upgrade npm to 4.2.0 (Kat Marchán)
    #11389
  * fix async await desugaring in V8 (Michaël Zasso)
    #12004
* readline:
  - add option to stop duplicates in history (Danny Nemer)
    #2982
* src:
  - add native URL class (James M Snell)
    #11801

PR-URL: #12104

MylesBorins added a commit that referenced this pull request Mar 29, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

MylesBorins added a commit that referenced this pull request Mar 29, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@MylesBorins

This comment has been minimized.

Show comment
Hide comment
@MylesBorins

MylesBorins Mar 29, 2017

Member

This has now been release in v7.8.0.

Will release v4.8.2-rc.1 and v6.10.2-rc.1 tomorrow

Member

MylesBorins commented Mar 29, 2017

This has now been release in v7.8.0.

Will release v4.8.2-rc.1 and v6.10.2-rc.1 tomorrow

@philippevk philippevk referenced this pull request in axios/axios Mar 29, 2017

Closed

Memory leak with https #791

MylesBorins added a commit that referenced this pull request Mar 29, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

MylesBorins added a commit that referenced this pull request Mar 29, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

MylesBorins added a commit that referenced this pull request Mar 29, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: #9469
Fixes: #12033
PR-URL: #12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>

MylesBorins added a commit that referenced this pull request Mar 29, 2017

2017-04-04, Version 4.8.2 'Argon' (LTS)
This is a special LTS to fix a memory leak that was introduced
in 4.8.1.

It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes:

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    #12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    #10980

@MylesBorins MylesBorins referenced this pull request Mar 29, 2017

Merged

V6.10.2 proposal #12128

MylesBorins added a commit that referenced this pull request Mar 29, 2017

2017-04-04, Version 6.10.2 'Boron' (LTS)
This is a special LTS to fix a number of regressions that were found
on the 6.10.x release line.

This includes:

 * a fix for memory leak in the crypto module that
   was introduced in 6.10.1
 * a fix for a regression introduced to the windows repl in 6.10.0
 * a backported fix for V8 to stop a segfault that could occur
   when using spread syntax

It also includes an upgrade to zlib 1.2.11 to fix a numberof low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    #12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    #10980
  - backport V8 fixes for spread syntax regression causing segfaults
    (Michaël Zasso) #12037
* repl:
  - Revert commit that broke REPL display on Windows (Myles Borins)
    #12123

@MylesBorins MylesBorins referenced this pull request Mar 29, 2017

Merged

v4.8.2 proposal #12129

@coox coox referenced this pull request Mar 31, 2017

Closed

Node v7.6.0+ memory leak #12019

MylesBorins added a commit that referenced this pull request Apr 4, 2017

2017-04-04, Version 4.8.2 'Argon' (Maintenance)
This is a maintenance release to fix a memory leak that was
introduced in 4.8.1.

It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes:

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    #12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    #10980

MylesBorins added a commit that referenced this pull request Apr 4, 2017

2017-04-04, Version 6.10.2 'Boron' (LTS)
This is a special LTS to fix a number of regressions that were found
on the 6.10.x release line.

This includes:

 * a fix for memory leak in the crypto module that
   was introduced in 6.10.1
 * a fix for a regression introduced to the windows repl in 6.10.0
 * a backported fix for V8 to stop a segfault that could occur
   when using spread syntax

It also includes an upgrade to zlib 1.2.11 to fix a numberof low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    #12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    #10980
  - backport V8 fixes for spread syntax regression causing segfaults
    (Michaël Zasso) #12037
* repl:
  - Revert commit that broke REPL display on Windows (Myles Borins)
    #12123

MylesBorins added a commit to MylesBorins/node that referenced this pull request Apr 4, 2017

2017-04-04, Version 6.10.2 'Boron' (LTS)
This is a special LTS to fix a number of regressions that were found
on the 6.10.x release line.

This includes:

 * a fix for memory leak in the crypto module that
   was introduced in 6.10.1
 * a fix for a regression introduced to the windows repl in 6.10.0
 * a backported fix for V8 to stop a segfault that could occur
   when using spread syntax

It also includes an upgrade to zlib 1.2.11 to fix a numberof low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    nodejs#12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    nodejs#10980
  - backport V8 fixes for spread syntax regression causing segfaults
    (Michaël Zasso) nodejs#12037
* repl:
  - Revert commit that broke REPL display on Windows (Myles Borins)
    nodejs#12123

MylesBorins added a commit to MylesBorins/node that referenced this pull request Apr 4, 2017

2017-04-04, Version 4.8.2 'Argon' (Maintenance)
This is a maintenance release to fix a memory leak that was
introduced in 4.8.1.

It also includes an upgrade to zlib 1.2.11 to fix a number of low
severity CVEs that were present in zlib 1.2.8.

http://seclists.org/oss-sec/2016/q4/602

Notable changes:

* crypto:
  - fix memory leak if certificate is revoked (Tom Atkinson)
    nodejs#12089
* deps:
  - upgrade zlib to 1.2.11 (Sam Roberts)
    nodejs#10980

@italoacasas italoacasas referenced this pull request Apr 10, 2017

Merged

v7.9.0 Release Proposal #12319

2 of 2 tasks complete

imyller added a commit to imyller/meta-nodejs that referenced this pull request Apr 20, 2017

2017-04-04, Version 4.8.2 'Argon' (Maintenance)
    This is a maintenance release to fix a memory leak that was
    introduced in 4.8.1.

    It also includes an upgrade to zlib 1.2.11 to fix a number of low
    severity CVEs that were present in zlib 1.2.8.

    http://seclists.org/oss-sec/2016/q4/602

    Notable changes:

    * crypto:
      - fix memory leak if certificate is revoked (Tom Atkinson)
        nodejs/node#12089
    * deps:
      - upgrade zlib to 1.2.11 (Sam Roberts)
        nodejs/node#10980

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>

imyller added a commit to imyller/meta-nodejs that referenced this pull request Apr 20, 2017

2017-04-04, Version 6.10.2 'Boron' (LTS)
    This is a special LTS to fix a number of regressions that were found
    on the 6.10.x release line.

    This includes:

     * a fix for memory leak in the crypto module that
       was introduced in 6.10.1
     * a fix for a regression introduced to the windows repl in 6.10.0
     * a backported fix for V8 to stop a segfault that could occur
       when using spread syntax

    It also includes an upgrade to zlib 1.2.11 to fix a numberof low
    severity CVEs that were present in zlib 1.2.8.

    http://seclists.org/oss-sec/2016/q4/602

    Notable changes

    * crypto:
      - fix memory leak if certificate is revoked (Tom Atkinson)
        nodejs/node#12089
    * deps:
      - upgrade zlib to 1.2.11 (Sam Roberts)
        nodejs/node#10980
      - backport V8 fixes for spread syntax regression causing segfaults
        (Michaël Zasso) nodejs/node#12037
    * repl:
      - Revert commit that broke REPL display on Windows (Myles Borins)
        nodejs/node#12123

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>

imyller added a commit to imyller/meta-nodejs that referenced this pull request Apr 20, 2017

2017-03-28, Version 7.8.0 (Current)
    Notable changes:

    * buffer:
      - do not segfault on out-of-range index (Timothy Gu)
        nodejs/node#11927
    * crypto:
      - Fix memory leak if certificate is revoked (Tom Atkinson)
        nodejs/node#12089
    * deps:
      * upgrade npm to 4.2.0 (Kat Marchán)
        nodejs/node#11389
      * fix async await desugaring in V8 (Michaël Zasso)
        nodejs/node#12004
    * readline:
      - add option to stop duplicates in history (Danny Nemer)
        nodejs/node#2982
    * src:
      - add native URL class (James M Snell)
        nodejs/node#11801

    PR-URL: nodejs/node#12104

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>

imyller added a commit to imyller/meta-nodejs that referenced this pull request Apr 20, 2017

2017-04-04, Version 4.8.2 'Argon' (Maintenance)
    This is a maintenance release to fix a memory leak that was
    introduced in 4.8.1.

    It also includes an upgrade to zlib 1.2.11 to fix a number of low
    severity CVEs that were present in zlib 1.2.8.

    http://seclists.org/oss-sec/2016/q4/602

    Notable changes:

    * crypto:
      - fix memory leak if certificate is revoked (Tom Atkinson)
        nodejs/node#12089
    * deps:
      - upgrade zlib to 1.2.11 (Sam Roberts)
        nodejs/node#10980

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>

imyller added a commit to imyller/meta-nodejs that referenced this pull request Apr 20, 2017

2017-04-04, Version 6.10.2 'Boron' (LTS)
    This is a special LTS to fix a number of regressions that were found
    on the 6.10.x release line.

    This includes:

     * a fix for memory leak in the crypto module that
       was introduced in 6.10.1
     * a fix for a regression introduced to the windows repl in 6.10.0
     * a backported fix for V8 to stop a segfault that could occur
       when using spread syntax

    It also includes an upgrade to zlib 1.2.11 to fix a numberof low
    severity CVEs that were present in zlib 1.2.8.

    http://seclists.org/oss-sec/2016/q4/602

    Notable changes

    * crypto:
      - fix memory leak if certificate is revoked (Tom Atkinson)
        nodejs/node#12089
    * deps:
      - upgrade zlib to 1.2.11 (Sam Roberts)
        nodejs/node#10980
      - backport V8 fixes for spread syntax regression causing segfaults
        (Michaël Zasso) nodejs/node#12037
    * repl:
      - Revert commit that broke REPL display on Windows (Myles Borins)
        nodejs/node#12123

Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>

@mjmasn mjmasn referenced this pull request in meteor/meteor Apr 25, 2017

Closed

Memory Leak in Node 4.8.1 #8630

kevinsawicki added a commit to electron/node that referenced this pull request May 16, 2017

crypto: fix memory leak if certificate is revoked
The additional validity checks applied to StartCom and WoSign
certificates failed to free memory before returning.

Refs: nodejs/node#9469
Fixes: nodejs/node#12033
PR-URL: nodejs/node#12089
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment