Skip to content

Fix for Alt Subject Name memory leak. #140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

Fix for Alt Subject Name memory leak. #140

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d1f5f47
Demonstration that _subjectAltNameString on the X509Extensions method…
Jul 10, 2014
368018c
Calling GENERAL_NAMES_free in _subjectAltNameString member method of …
Jul 10, 2014
09a4753
Coding the fix to check if GENERAL_NAMES_free method exists before at…
Jul 15, 2014
7d2bc80
Fixing blatent missuse of parameter to hasattr.
Jul 16, 2014
55fd3a9
Removing hasattr on cryptography X509_GENERALNAMES_free method.
Jul 22, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions OpenSSL/crypto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -690,6 +690,7 @@ def _subjectAltNameString(self):
value = _native(
_ffi.buffer(name.d.ia5.data, name.d.ia5.length)[:])
parts.append(label + ":" + value)
_lib.GENERAL_NAMES_free(names)
return ", ".join(parts)


Expand Down
62 changes: 61 additions & 1 deletion leakcheck/crypto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

from OpenSSL.crypto import (
FILETYPE_PEM, TYPE_DSA, Error, PKey, X509, load_privatekey, CRL, Revoked,
get_elliptic_curves, _X509_REVOKED_dup)
get_elliptic_curves, _X509_REVOKED_dup, load_certificate)

from OpenSSL._util import lib as _lib

Expand All @@ -15,6 +15,66 @@ class BaseChecker(object):
def __init__(self, iterations):
self.iterations = iterations

class Checker_AltSubjectNameExt(BaseChecker):
"""
Leak check for X509Extention. member function _subjectAltNameString()
"""
ALTSUBJ_X509 = \
"""-----BEGIN CERTIFICATE-----
MIIISzCCBzOgAwIBAgIQCiuGDMoB9F/X7mNgGxw+gzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE0MDMyMDAwMDAwMFoXDTE2MDYxMjEy
MDAwMFowggELMR0wGwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysG
AQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRVdGFoMRUwEwYDVQQFEww1
Mjk5NTM3LTAxNDIxEjAQBgNVBAkTCVN1aXRlIDUwMDEkMCIGA1UECRMbMjYwMCBX
ZXN0IEV4ZWN1dGl2ZSBQYXJrd2F5MQ4wDAYDVQQREwU4NDA0MzELMAkGA1UEBhMC
VVMxDTALBgNVBAgTBFV0YWgxDTALBgNVBAcTBExlaGkxFzAVBgNVBAoTDkRpZ2lD
ZXJ0LCBJbmMuMRkwFwYDVQQDExB3d3cuZGlnaWNlcnQuY29tMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAqImzO5GUV4dyCVtfyyxCKp7twv0geyxjf90H
v/tJXO0conB5dcI0zOsS8ECIOrnqKaIRj1PhAuGHBPZYuYa2f4VeClhHw73nayEH
ndvvV4sWzjjx4+LkWhC4ObsKrcrFEIU6oW9nyRjDW7JMpgG2w1C+fsh5yjxTXgJ4
rpZfViGzpDw//knFF3Olbqlgqr0WBFb6VNLLJcDpn4nJ7hCHAfLHky3DL57QnEIk
nQkk9oDE6DSZWi4mw3MoUiasCTSOxXDh9fuTuDQtRPRQH4YKm2RFJgXURcpyA90e
gBqcUwZ7yDYxA9pfVcQNKcBSnCOVjalVlcQRAlujG+55sm5Kak1KRD45nosN7DiT
XlyzT1OPTip4sVJUS/tqlDVhAwZ56AacjoFbazbfwP5DztUWGfaClOiAAOGEFB0o
c4vpurZV56YXjK5wFb4E78gIJ9nfOn5njAYNUZQFlS8n5MHUpF7KlhOJ0gWLQ2j8
MYeptvLDR+Pf2RkTT7kFqYqYA8rFkinjc+dL6AraG5zbaFBmlSvc6DkbFPpB0/za
5o0ELIHREkfGJ53XVL1P7kIgllKmg59ZBWsrGEF6WruJG0WCim57lHjgTgnrHKja
2bRW1KB9CNXylIEuobQKFFYhJsPEJ0g8UNVxRTVLNyJ7aSZs27hO8vGi+Gv7Gq7m
61seFdUCAwEAAaOCAz0wggM5MB8GA1UdIwQYMBaAFD3TUKXWoK3u80pgCmXTIdT4
+NYPMB0GA1UdDgQWBBT4o6dhq9l3SxlmkMef45/msEQhBjBsBgNVHREEZTBjghB3
d3cuZGlnaWNlcnQuY29tghRjb250ZW50LmRpZ2ljZXJ0LmNvbYIMZGlnaWNlcnQu
Y29tghd3d3cub3JpZ2luLmRpZ2ljZXJ0LmNvbYISbG9naW4uZGlnaWNlcnQuY29t
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
dQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTIt
ZXYtc2VydmVyLWcxLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29t
L3NoYTItZXYtc2VydmVyLWcxLmNybDBCBgNVHSAEOzA5MDcGCWCGSAGG/WwCATAq
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMIGIBggr
BgEFBQcBAQR8MHowJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNv
bTBSBggrBgEFBQcwAoZGaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lD
ZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlvblNlcnZlckNBLmNydDAMBgNVHRMBAf8E
AjAAMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1
mAT5G9+443fNDsgN3BAAAAFGAfj4EQAABAMARzBFAiBCsenxdlQ3dZBcfRMYphsr
6HrdAPxcfKp5U9BB8pU55gIhAI/rMx1PyNPn55YZxVp4zKgn9LAd2fAzCHvrfAeE
k4NrAHYAaPaY+B9kgr46jO65KB1M/HFRXWeT1ETRCmesu09P+8QAAAFGAfj4DQAA
BAMARzBFAiEAg8qcGjwzNf44Xz/TX4sj8HvgVHi66rY+p7tuGLXECS8CIAdmUF8C
CHveoNoZf5Gb1peHsT8Egl7sN2AL2WvbF+OYMA0GCSqGSIb3DQEBCwUAA4IBAQAt
nIIupEenVPHngDTSHo+3jvC0jtCatrc2HxciDQ6Rf7+d6m96qRjNjGCKTcnqswuN
vXcwlz716XIAMzPNO9YTFKOnTfzdwZcs5fYaJJc9eRIBm8icbialjb2dqLG9EFYR
BdY7VtwMQs2M3IEwWsl5hAsDEZkGDjL3uTONWfzl5CWj9olBfzI4RFY+4rHa/kML
WlwZqlMPruOGLN7HThOJ6KeTUkVxBjUusO1Nl3Ye7FCE9hXOhgSrq+CT/o7P9VPT
Q9FXgnA36oSFOPyD64yfMF8xT1fC5ogluE7smQcjkPFRLcoPq5pYMxIsYr3Z18rw
DcxdKIGW/9KPNNapvbom
-----END CERTIFICATE-----"""

x509 = load_certificate(FILETYPE_PEM, ALTSUBJ_X509)
ext = x509.get_extension(2)


def check_alt_name_ext(self):
for i in xrange(0, int(self.iterations) * 100):
x = str(Checker_AltSubjectNameExt.ext)


class Checker_X509_get_pubkey(BaseChecker):
Expand Down