memory leak in ssl_cert_dup #2108

bernd-edlinger · 2016-12-19T07:59:18Z

Under low memory a memory leak was observed with openssl-1.0.2j:

Additional to the memory leak that was pointed out in #2080,
there is yet another leak in ssl_cert_dup:

Direct leak of 752 byte(s) in 1 object(s) allocated from:
    #0 0x7f2fdeacc310 in __interceptor_malloc ../../../../gcc-7-20161211/libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x215fb5a in CRYPTO_malloc crypto/mem.c:346
    #2 0x20de7c7 in ssl_cert_dup ssl/ssl_cert.c:222
    #3 0x20d0ee8 in SSL_new ssl/ssl_lib.c:332


--- ssl/ssl_cert.c.orig 2016-09-26 11:49:07.000000000 +0200
+++ ssl/ssl_cert.c      2016-12-17 19:43:18.804944416 +0100
@@ -414,6 +412,7 @@ CERT *ssl_cert_dup(CERT *cert)
 #endif

     ssl_cert_clear_certs(ret);
+    OPENSSL_free(ret);

     return NULL;
 }

The text was updated successfully, but these errors were encountered:

Fixed a memory leak in ASN1_digest and ASN1_item_digest. asn1_template_noexp_d2i call ASN1_item_ex_free(&skfield,...) on error. Reworked error handling in asn1_item_ex_combine_new: - call ASN1_item_ex_free and return the correct error code if ASN1_template_new failed. - dont call ASN1_item_ex_free if ASN1_OP_NEW_PRE failed. Reworked error handing in x509_name_ex_d2i and x509_name_encode. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in def_get_class if lh_EX_CLASS_ITEM_insert fails due to OOM: - to figure out if the insertion succeeded, use lh_EX_CLASS_ITEM_retrieve again. - on error, p will be NULL, and gen needs to be cleaned up again. int_free_ex_data needs to have a fallback solution if unable to allocate "storage": - if free_func is non-zero this must be called to clean up all memory. Fixed error handling in pkey_hmac_copy. Fixed error handling in ssleay_rand_add and ssleay_rand_bytes. Fixed error handling in X509_STORE_new. Fixed a memory leak in ssl3_get_key_exchange. Check for null pointer in ssl3_write_bytes. Check for null pointer in ssl3_get_cert_verify. Fixed a memory leak in ssl_cert_dup. Fixes openssl#2087 openssl#2094 openssl#2103 openssl#2104 openssl#2105 openssl#2106 openssl#2107 openssl#2108 openssl#2110 openssl#2111 openssl#2112 openssl#2115

Fixed a memory leak in ASN1_digest and ASN1_item_digest. asn1_template_noexp_d2i call ASN1_item_ex_free(&skfield,...) on error. Reworked error handling in asn1_item_ex_combine_new: - call ASN1_item_ex_free and return the correct error code if ASN1_template_new failed. - dont call ASN1_item_ex_free if ASN1_OP_NEW_PRE failed. Reworked error handing in x509_name_ex_d2i and x509_name_encode. Fixed error handling in int_ctx_new and EVP_PKEY_CTX_dup. Fixed a memory leak in def_get_class if lh_EX_CLASS_ITEM_insert fails due to OOM: - to figure out if the insertion succeeded, use lh_EX_CLASS_ITEM_retrieve again. - on error, p will be NULL, and gen needs to be cleaned up again. int_free_ex_data needs to have a fallback solution if unable to allocate "storage": - if free_func is non-zero this must be called to clean up all memory. Fixed error handling in pkey_hmac_copy. Fixed error handling in ssleay_rand_add and ssleay_rand_bytes. Fixed error handling in X509_STORE_new. Fixed a memory leak in ssl3_get_key_exchange. Check for null pointer in ssl3_write_bytes. Check for null pointer in ssl3_get_cert_verify. Fixed a memory leak in ssl_cert_dup. Fixes #2087 #2094 #2103 #2104 #2105 #2106 #2107 #2108 #2110 #2111 #2112 #2115 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from #2127)

bernd-edlinger mentioned this issue Dec 21, 2016

combined patch for the more or less obvious issues: #2127

Closed

richsalz closed this as completed Feb 7, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

memory leak in ssl_cert_dup #2108

memory leak in ssl_cert_dup #2108

bernd-edlinger commented Dec 19, 2016

memory leak in ssl_cert_dup #2108

memory leak in ssl_cert_dup #2108

Comments

bernd-edlinger commented Dec 19, 2016