Package: libmosquitto1
Version: 1.4.10-3+deb9u4
Tags: patch
Dear Maintainer,

we have noticed that mqtt clients using libmosquitto experience a memory leak if
- TLS is used
- connecting to the broker more than once (this also includes failed connections)

On amd64, the leak seems to be about 70KB of memory per connection effort.

I have verified the leak using valgrind and a small test program.

This problem has already been fixed in the upstream project. See
https://github.com/eclipse/mosquitto/issues/592

I have backported the fix and created a patch.

Based on code inspection, I am quite sure that the leak is also present in the mosquitto broker, if the bridge feature is used. The patch applies to both client library and broker.

Regards,
Rupert

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libmosquitto1 depends on:
ii  libc-ares2  1.12.0-1+deb9u1
ii  libc6       2.24-11+deb9u3
ii  libssl1.1   1.1.0j-1~deb9u1

libmosquitto1 recommends no packages.

libmosquitto1 suggests no packages.

-- no debconf information

Rupert Kittinger-Sereinig
EFKON GmbH
System Integration
Makefile
Description: Makefile
//
// demonstrate memleak
//
#include <mosquitto.h>
#include <assert.h>
#include <stdio.h>

int main(int argc, char **argv) {
    int result = mosquitto_lib_init();
    struct mosquitto *m = mosquitto_new("client_id", true, 0);
    assert(m);

    const char *ca_file = "ServerCA.pem"; // must be available
    const char *ca_path = 0;
    const char *cert_file = 0;
    const char *key_file = 0;
    // enable TLS; the leak only occurs on TLS connections
    result = mosquitto_tls_set(m, ca_file, ca_path, cert_file, key_file, 0);
    printf("tls_set(): %d\n", result);
    assert(MOSQ_ERR_SUCCESS == result);

    const char *host = "127.0.0.1";
    const int port = 1883; // wrong port, connection will fail
    const int keepalive = 10;
    // repeat the connection attempt on the same client handle
    for (int i = 0; i < 10; ++i) {
        result = mosquitto_connect_async(m, host, port, keepalive);
        printf("connect_async(): %d\n", result);
        // run the network loop until the attempt fails
        while (MOSQ_ERR_SUCCESS == result) {
            result = mosquitto_loop(m, -1, 1);
            printf("loop(): %d\n", result);
        }
    }

    mosquitto_destroy(m);
    mosquitto_lib_cleanup();
    return 0;
}
==4154== Memcheck, a memory error detector
==4154== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==4154== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==4154== Command: ./testdriver
==4154==
tls_set(): 0
connect_async(): 8
connect_async(): 14
connect_async(): 0
loop(): 8
connect_async(): 0
loop(): 8
connect_async(): 0
loop(): 0
loop(): 8
connect_async(): 0
loop(): 0
loop(): 8
connect_async(): 0
loop(): 0
loop(): 8
connect_async(): 0
loop(): 0
loop(): 8
connect_async(): 0
loop(): 0
loop(): 8
connect_async(): 0
loop(): 0
loop(): 8
==4154==
==4154== HEAP SUMMARY:
==4154==     in use at exit: 670,680 bytes in 2,916 blocks
==4154==   total heap usage: 11,546 allocs, 8,630 frees, 2,290,965 bytes allocated
==4154==
==4154== 670,680 (40,032 direct, 630,648 indirect) bytes in 9 blocks are definitely lost in loss record 132 of 132
==4154==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==4154==    by 0x59CA42D: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==4154==    by 0x5621781: SSL_new (in /usr/lib/x86_64-linux-gnu/libssl.so.1.1)
==4154==    by 0x4E3FEDE: ??? (in /usr/lib/x86_64-linux-gnu/libmosquitto.so.1)
==4154==    by 0x4E3BA70: ??? (in /usr/lib/x86_64-linux-gnu/libmosquitto.so.1)
==4154==    by 0x108B54: main (testdriver.c:33)
==4154==
==4154== LEAK SUMMARY:
==4154==    definitely lost: 40,032 bytes in 9 blocks
==4154==    indirectly lost: 630,648 bytes in 2,907 blocks
==4154==      possibly lost: 0 bytes in 0 blocks
==4154==    still reachable: 0 bytes in 0 blocks
==4154==         suppressed: 0 bytes in 0 blocks
==4154==
==4154== For counts of detected and suppressed errors, rerun with: -v
==4154== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Description: fix memory leak at reconnect when using TLS when setting mosq->ssl_ctx, mosq_ssl, check for existing value and free if necessary Author: Rupert Kittinger-Sereinig <[email protected]> Index: mosquitto-1.4.10/lib/net_mosq.c =================================================================== --- mosquitto-1.4.10.orig/lib/net_mosq.c +++ mosquitto-1.4.10/lib/net_mosq.c @@ -416,6 +416,10 @@ int _mosquitto_socket_connect(struct mos #ifdef WITH_TLS if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk){ + if (mosq->ssl_ctx) { + SSL_CTX_free(mosq->ssl_ctx); + mosq->ssl_ctx = NULL; + } #if OPENSSL_VERSION_NUMBER >= 0x10001000L if(!mosq->tls_version || !strcmp(mosq->tls_version, "tlsv1.2")){ mosq->ssl_ctx = SSL_CTX_new(TLSv1_2_client_method()); @@ -530,6 +534,11 @@ int _mosquitto_socket_connect(struct mos #endif } + if(mosq->ssl){ + SSL_free(mosq->ssl); + mosq->ssl = NULL; + } + mosq->ssl = SSL_new(mosq->ssl_ctx); if(!mosq->ssl){ COMPAT_CLOSE(sock); Index: mosquitto-1.4.10/debian/changelog =================================================================== --- mosquitto-1.4.10.orig/debian/changelog +++ mosquitto-1.4.10/debian/changelog @@ -1,3 +1,9 @@ +mosquitto (1.4.10-3+deb9u4+efkon0) UNRELEASED; urgency=medium + + * fix memory leak in client reconnection using TLS + + -- Rupert Kittinger-Sereinig <[email protected]> Mon, 29 Apr 2019 16:33:41 +0200 + mosquitto (1.4.10-3+deb9u4) stretch-security; urgency=high * Fix potential crash when reloading persistence file. (closes: #922071).
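Review bot: in the first lib/net_mosq.c hunk (@@ -416), the old mosq->ssl_ctx is freed while mosq->ssl from the previous attempt still exists; that SSL object is only released in the later hunk at @@ -530. This is safe only because an SSL object holds its own reference on the SSL_CTX it was created from, so I would either release mosq->ssl here, before the context, or add a comment stating that dependency. SSL_CTX_free(NULL) is a no-op, so the NULL check is redundant, and "if (" should be "if(" to match the surrounding code and the second hunk.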
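Review bot: in the second lib/net_mosq.c hunk (@@ -530), nothing explains why mosq->ssl can be non-NULL when _mosquitto_socket_connect() reaches SSL_new(); a one-line comment that it is left over from an earlier connection attempt would help the next reader. With this placement the old object is released only when the next connect happens, so please confirm whether the socket close path would be the better place for SSL_free(). SSL_free(NULL) is a no-op, so the "if(mosq->ssl)" guard is optional.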
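Review bot: the debian/changelog entry says "client reconnection", but the report states that the patch applies to both client library and broker, so the entry should mention the bridge case as well. It also carries no reference to the upstream issue (https://github.com/eclipse/mosquitto/issues/592) and no bug number to close, unlike the 1.4.10-3+deb9u4 entry below it, and the "+efkon0" version with UNRELEASED is a local build version that will need replacing before upload.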

