Hi List,
I emailed the list regarding this last week and
haven't heard anything so I've decided to briefly
explain again and this time tack on my patch for
consideration.
The SSL compression methods global stack
(ssl_comp_methods) is created once off in the same
manner as the EVP cipher and digest arrays. Those two
have EVP_cleanup() to free them, whereas there isn't
an equivalent for the SSL compression methods stack.
This may not cause a leak in the case where only one
stack is created during the life of a process, however
in the case where a process loads the SSL library -
initializes (using SSL_library_init()) - and unloads
the SSL library several times then a new stack is
created each time causing a leak.
Here's my patch, which also allows the MemCheckOn/Off
adjustments to be removed. (I've attached it as well,
in case Yahoo mail kindly decides to obfuscate it
somehow...)
Thanks,
Jon
------------------------------------------------------
diff -ur openssl-0.9.8_orig/FAQ openssl-0.9.8_fix/FAQ
--- openssl-0.9.8_orig/FAQ 2005-07-22 10:36:43.000000000 +1000
+++ openssl-0.9.8_fix/FAQ 2005-07-22 13:32:51.000000000 +1000
@@ -836,7 +836,8 @@
"Brutal" (thread-unsafe) Application-global cleanup functions:
- ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
+ ERR_free_strings(), EVP_cleanup(), CRYPTO_cleanup_all_ex_data()
+ and SSL_free_comp_methods().
===============================================================================
diff -ur openssl-0.9.8_orig/ssl/ssl_ciph.c openssl-0.9.8_fix/ssl/ssl_ciph.c
--- openssl-0.9.8_orig/ssl/ssl_ciph.c 2005-07-22 10:37:09.000000000 +1000
+++ openssl-0.9.8_fix/ssl/ssl_ciph.c 2005-07-22 11:42:47.000000000 +1000
@@ -211,7 +211,7 @@
{
SSL_COMP *comp = NULL;
- MemCheck_off();
+ /*MemCheck_off();*/
ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
if (ssl_comp_methods != NULL)
{
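Review bot: The `MemCheck_off()` call is commented out rather than deleted here, and the same is done to the matching `MemCheck_on()`/`MemCheck_off()` lines in the hunks at -230, -1166, -1175 and -1183 (and in the attached copy of the patch); calls that are no longer wanted should be removed, not left behind as `/*...*/`. With checking left on, these allocations become visible to `CRYPTO_mem_leaks()`, so an existing application that never calls the new `SSL_free_comp_methods()` will presumably start seeing the compression stack reported as a leak, which is worth stating in the FAQ entry. The enclosing function starts before this hunk and continues into the next one.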
@@ -230,7 +230,21 @@
}
}
}
- MemCheck_on();
+ /*MemCheck_on();*/
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ }
+
+void SSL_free_comp_methods(void)
+ {
+ if (ssl_comp_methods == NULL)
+ return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ if (ssl_comp_methods != NULL)
+ {
+ sk_SSL_COMP_pop_free(ssl_comp_methods,CRYPTO_free);
+ ssl_comp_methods = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
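Review bot: `SSL_free_comp_methods()` tests `ssl_comp_methods == NULL` and returns before taking `CRYPTO_LOCK_SSL`, which is an unsynchronised read of a global that another thread may be writing under that lock. The locked block repeats the same test, so the early `if (ssl_comp_methods == NULL) return;` can be dropped without changing the result. The function also has no header comment; something like `/* Free the global compression method stack; intended for application shutdown. */` would tell readers it belongs with the other global cleanup calls. The first lines of the hunk are the tail of the preceding function, whose start is outside the hunk.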
@@ -1166,7 +1180,7 @@
return 0;
}
- MemCheck_off();
+ /*MemCheck_off();*/
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;
comp->method=cm;
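Review bot: The result of `OPENSSL_malloc()` is dereferenced on the next line (`comp->id=id;`) without a NULL check, so an allocation failure becomes a write through a NULL pointer; the patch edits the line directly above and could close this at the same time. A guard such as `if (comp == NULL) { SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); return(1); }` matches the error path used further down in the same function. The function starts before and continues after this hunk.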
@@ -1175,7 +1189,7 @@
&& !sk_SSL_COMP_find(ssl_comp_methods,comp))
{
OPENSSL_free(comp);
- MemCheck_on();
+ /*MemCheck_on();*/
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
return(1);
}
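Review bot: The duplicate check uses `!sk_SSL_COMP_find(ssl_comp_methods,comp)`, but the stack find functions return an index, with -1 meaning not found, so the test is true only when the match sits at index 0 and a duplicate id at any other position goes unreported. Comparing explicitly, `&& sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)`, reports every duplicate. The condition opens on a line outside this hunk, so its first operand is not visible here.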
@@ -1183,13 +1197,13 @@
|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
{
OPENSSL_free(comp);
- MemCheck_on();
+ /*MemCheck_on();*/
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
return(1);
}
else
{
- MemCheck_on();
+ /*MemCheck_on();*/
return(0);
}
}
diff -ur openssl-0.9.8_orig/ssl/ssl.h openssl-0.9.8_fix/ssl/ssl.h
--- openssl-0.9.8_orig/ssl/ssl.h 2005-07-22 10:37:09.000000000 +1000
+++ openssl-0.9.8_fix/ssl/ssl.h 2005-07-22 11:28:34.000000000 +1000
@@ -1532,6 +1532,7 @@
void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,void *cm);
#endif
+void SSL_free_comp_methods(void);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
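Review bot: The new prototype has no comment, and callers need its lifetime rules: any pointer previously obtained from `SSL_COMP_get_compression_methods()` presumably refers to the freed stack once `SSL_free_comp_methods()` has run. I would add something like `/* Frees the global compression method stack. Call only at shutdown; pointers from SSL_COMP_get_compression_methods() are invalid afterwards. */` above the declaration. The prototype sits after the `#endif`, so it is declared in every build configuration; the definition in ssl_ciph.c needs to be unconditional as well, which the visible hunks do not show.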
diff -ur openssl-0.9.8_orig/ssl/ssltest.c openssl-0.9.8_fix/ssl/ssltest.c
--- openssl-0.9.8_orig/ssl/ssltest.c 2005-07-22 10:37:09.000000000 +1000
+++ openssl-0.9.8_fix/ssl/ssltest.c 2005-07-22 11:55:11.000000000 +1000
@@ -882,6 +882,7 @@
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
+ SSL_free_comp_methods();
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL) BIO_free(bio_err);
EXIT(ret);
diff -ur openssl-0.9.8_orig/util/ssleay.num openssl-0.9.8_fix/util/ssleay.num
--- openssl-0.9.8_orig/util/ssleay.num 2005-07-22 10:37:12.000000000 +1000
+++ openssl-0.9.8_fix/util/ssleay.num 2005-07-22 13:36:48.000000000 +1000
@@ -226,3 +226,4 @@
SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP
SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP
SSL_SESSION_get_id 277 EXIST::FUNCTION:
+SSL_free_comp_methods 278 EXIST::FUNCTION:
diff -ur openssl-0.9.8_orig/FAQ openssl-0.9.8_fix/FAQ
--- openssl-0.9.8_orig/FAQ 2005-07-22 10:36:43.000000000 +1000
+++ openssl-0.9.8_fix/FAQ 2005-07-22 13:32:51.000000000 +1000
@@ -836,7 +836,8 @@
"Brutal" (thread-unsafe) Application-global cleanup functions:
- ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
+ ERR_free_strings(), EVP_cleanup(), CRYPTO_cleanup_all_ex_data()
+ and SSL_free_comp_methods().
===============================================================================
diff -ur openssl-0.9.8_orig/ssl/ssl_ciph.c openssl-0.9.8_fix/ssl/ssl_ciph.c
--- openssl-0.9.8_orig/ssl/ssl_ciph.c 2005-07-22 10:37:09.000000000 +1000
+++ openssl-0.9.8_fix/ssl/ssl_ciph.c 2005-07-22 11:42:47.000000000 +1000
@@ -211,7 +211,7 @@
{
SSL_COMP *comp = NULL;
- MemCheck_off();
+ /*MemCheck_off();*/
ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
if (ssl_comp_methods != NULL)
{
@@ -230,7 +230,21 @@
}
}
}
- MemCheck_on();
+ /*MemCheck_on();*/
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ }
+
+void SSL_free_comp_methods(void)
+ {
+ if (ssl_comp_methods == NULL)
+ return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ if (ssl_comp_methods != NULL)
+ {
+ sk_SSL_COMP_pop_free(ssl_comp_methods,CRYPTO_free);
+ ssl_comp_methods = NULL;
}
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
}
@@ -1166,7 +1180,7 @@
return 0;
}
- MemCheck_off();
+ /*MemCheck_off();*/
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;
comp->method=cm;
@@ -1175,7 +1189,7 @@
&& !sk_SSL_COMP_find(ssl_comp_methods,comp))
{
OPENSSL_free(comp);
- MemCheck_on();
+ /*MemCheck_on();*/
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
return(1);
}
@@ -1183,13 +1197,13 @@
|| !sk_SSL_COMP_push(ssl_comp_methods,comp))
{
OPENSSL_free(comp);
- MemCheck_on();
+ /*MemCheck_on();*/
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
return(1);
}
else
{
- MemCheck_on();
+ /*MemCheck_on();*/
return(0);
}
}
diff -ur openssl-0.9.8_orig/ssl/ssl.h openssl-0.9.8_fix/ssl/ssl.h
--- openssl-0.9.8_orig/ssl/ssl.h 2005-07-22 10:37:09.000000000 +1000
+++ openssl-0.9.8_fix/ssl/ssl.h 2005-07-22 11:28:34.000000000 +1000
@@ -1532,6 +1532,7 @@
void *SSL_COMP_get_compression_methods(void);
int SSL_COMP_add_compression_method(int id,void *cm);
#endif
+void SSL_free_comp_methods(void);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
diff -ur openssl-0.9.8_orig/ssl/ssltest.c openssl-0.9.8_fix/ssl/ssltest.c
--- openssl-0.9.8_orig/ssl/ssltest.c 2005-07-22 10:37:09.000000000 +1000
+++ openssl-0.9.8_fix/ssl/ssltest.c 2005-07-22 11:55:11.000000000 +1000
@@ -882,6 +882,7 @@
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
+ SSL_free_comp_methods();
CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL) BIO_free(bio_err);
EXIT(ret);
diff -ur openssl-0.9.8_orig/util/ssleay.num openssl-0.9.8_fix/util/ssleay.num
--- openssl-0.9.8_orig/util/ssleay.num 2005-07-22 10:37:12.000000000 +1000
+++ openssl-0.9.8_fix/util/ssleay.num 2005-07-22 13:36:48.000000000 +1000
@@ -226,3 +226,4 @@
SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP
SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP
SSL_SESSION_get_id 277 EXIST::FUNCTION:
+SSL_free_comp_methods 278 EXIST::FUNCTION: