Thanks for the report and the patch. I applied it almost verbatim. This ticket is now resolved.
[[EMAIL PROTECTED] - Sat Jan 25 18:18:47 2003]:
> Hi,
>
> I found a memory leak in openssl (version 0.9.6h). I've reproduced it
> with demos/bio/saccept.c.
>
> openssl-0.9.6h/demos/bio$ valgrind --num-callers=20 --leak-check=yes
> ./saccept
> ==1981== valgrind-1.0.4, a memory error detector for x86 GNU/Linux.
> [...]
> ==1981==
> ==1981== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from
> 0)
> ==1981== malloc/free: in use at exit: 28987 bytes in 1602 blocks.
> ==1981== malloc/free: 1771 allocs, 169 frees, 127309 bytes allocated.
> ==1981== For counts of detected errors, rerun with: -v
> ==1981== searching for pointers to 1602 not-freed blocks.
> ==1981== checked 4299544 bytes.
> ==1981==
> ==1981== definitely lost: 920 bytes in 1 blocks.
> ==1981== possibly lost: 0 bytes in 0 blocks.
> ==1981== still reachable: 28067 bytes in 1601 blocks.
> ==1981==
> ==1981== 920 bytes in 1 blocks are definitely lost in loss record 1 of
> 3
> ==1981== at 0x4004519B: malloc (in /usr/lib/valgrind/valgrind.so)
> ==1981== by 0x80679C0: CRYPTO_malloc (mem.c:223)
> ==1981== by 0x80610CE: ssl3_new (s3_lib.c:706)
> ==1981== by 0x804C63B: tls1_new (t1_lib.c:123)
> ==1981== by 0x804E40E: SSL_new (ssl_lib.c:224)
> ==1981== by 0x8051659: SSL_dup (ssl_lib.c:1695)
> ==1981== by 0x8058CC9: ssl_ctrl (bio_ssl.c:434)
> ==1981== by 0x806EC1A: BIO_ctrl (bio_lib.c:311)
> ==1981== by 0x806F11A: BIO_dup_chain (bio_lib.c:478)
> ==1981== by 0x8074E18: acpt_state (bss_acpt.c:260)
> ==1981== by 0x8074F30: acpt_read (bss_acpt.c:301)
> ==1981== by 0x806E699: BIO_read (bio_lib.c:165)
> ==1981== by 0x804AFFF: main (saccept.c:80)
> ==1981== by 0x4026A08C: __libc_start_main (in /lib/libc-2.2.5.so)
> ==1981== by 0x228EC: ???
> ==1981==
> ==1981== LEAK SUMMARY:
> ==1981== definitely lost: 920 bytes in 1 blocks.
> ==1981== possibly lost: 0 bytes in 0 blocks.
> ==1981== still reachable: 28067 bytes in 1601 blocks.
> ==1981== Reachable blocks (those to which a pointer was found) are not
> shown.
>
> The problem seems to be in SSL_dup in ssl/ssl_lib.c:
>
> First, the ssl object ret is created:
> ret=SSL_new(SSL_get_SSL_CTX(s)), this calls
> s->method->ssl_new(s) in SSL_new
>
> later in SSL_dup, some previously allocated bytes with ssl_new are
> overwritten:
> ret->method->ssl_new(ret)
>
> This little patch seems to fix the problem, but I don't know, if it is
> "the right way"...
>
> diff -u -r1.3 -r1.4 > --- ssl_lib.c 6 Jan 2003 09:04:14 -0000 1.3 > +++ ssl_lib.c 24 Jan 2003 16:25:16 -0000 1.4 > @@ -1708,6 +1708,7 @@ > * and thus we can't use SSL_copy_session_id. */ > > ret->method = s->method; > + ret->method->ssl_free(ret); > ret->method->ssl_new(ret); > > if (s->cert != NULL)
>
> regards,
> christian
>
> OpenSSL self-test report:
>
> OpenSSL version: 0.9.6h
> Last change: New function OPENSSL_cleanse(), which is used to
> cleans...
> Options: --prefix=/usr --openssldir=/etc/openssl shared
> OS (uname): Linux 2.4.20 #4 Thu Jan 2 00:10:53 CET 2003 i686
> unknown
> OS (config): i686-whatever-linux2
> Target (default): linux-elf
> Target: linux-elf
> Compiler: gcc version 2.95.3 20010315 (release)
>
> P.S.: The link in openssl-0.9.6h/README is wrong:
> ".. via the Request Tracker (http://www.openssl.org/rt2.html) "
> -> Not found
>

-- Richard Levitte
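
Review bot: the added `ret->method->ssl_free(ret);` sits after `ret->method = s->method;`, so the state that SSL_new allocated is released through the method just copied from `s`, not through the method that allocated it. If the two methods can differ, the free should move above the assignment so the allocating method releases its own state. The return value of `ret->method->ssl_new(ret)` is also not checked in the visible lines; a failed re-allocation after the free would leave `ret` without method state, so it is worth handling that case in the same change.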
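
The allocation pattern described in the report, reduced to a stand-alone model (an added example, not code from the report or from OpenSSL). `conn_new`, `conn_dup`, the `method` table and the `live` tracker are hypothetical stand-ins for SSL_new, SSL_dup, the method's ssl_new/ssl_free pair and valgrind's accounting.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model of the reported pattern; all names are illustrative, not OpenSSL's. */
typedef struct conn conn;
typedef struct { int (*state_new)(conn *); void (*state_free)(conn *); } method;
struct conn { const method *meth; void *state; };
static void *live[8];                        /* tracker: state blocks not yet freed */

static int toy_new(conn *c) {                /* stands in for ssl_new */
    c->state = malloc(920);                  /* block size from the valgrind report */
    for (int i = 0; c->state != NULL && i < 8; i++)
        if (live[i] == NULL) { live[i] = c->state; return 1; }
    free(c->state); c->state = NULL;         /* malloc failed or tracker full */
    return 0;
}
static void toy_free(conn *c) {              /* stands in for ssl_free */
    for (int i = 0; i < 8; i++)
        if (live[i] == c->state) live[i] = NULL;
    free(c->state); c->state = NULL;
}
static const method toy_method = { toy_new, toy_free };
static conn *conn_new(const method *m) {     /* allocates state once, like SSL_new */
    conn *c = calloc(1, sizeof *c);
    if (c != NULL) c->meth = m;
    if (c != NULL && !m->state_new(c)) { free(c); c = NULL; }
    return c;
}
static void conn_free(conn *c) { if (c != NULL) { c->meth->state_free(c); free(c); } }
static conn *conn_dup(const conn *src, int release_first) {
    conn *ret = conn_new(src->meth);         /* first state allocation */
    if (ret == NULL) return NULL;
    if (release_first) ret->meth->state_free(ret);  /* release before re-creating */
    ret->meth = src->meth;
    if (!ret->meth->state_new(ret)) { free(ret); return NULL; }  /* second allocation */
    return ret;
}
/* Number of state blocks still live after a dup followed by full cleanup. */
static int leaked_after_dup(int release_first) {
    int n = 0;
    conn *src = conn_new(&toy_method);
    conn *dup = src != NULL ? conn_dup(src, release_first) : NULL;
    conn_free(dup); conn_free(src);
    for (int i = 0; i < 8; i++)
        if (live[i] != NULL) { n++; free(live[i]); live[i] = NULL; }  /* reclaim */
    return n;
}
int main(void) {
    printf("leaked without free: %d, with free: %d\n", leaked_after_dup(0), leaked_after_dup(1));
    return 0;
}
```

The one block reported for the run without the free corresponds to the single "definitely lost" record in the valgrind output: the pointer stored by the first allocation is overwritten by the second, so no later cleanup can reach it.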
