Hi All, >From my reading of the bugtraq info, the problem is in the zlib_stateful_init() function in Openssl versions 0.9.8f through 0.9.8h which can be exploited via any application utilizing openssl, including Apache. Here is a reference from the OpenSSL Project: http://marc.info/?l=openssl-dev&m=121060672602371&w=2 and the change introducing the bug: http://cvs.openssl.org/chngview?cn=15897
Please tell this bug is in openssl or Apache . Please Help.Its is urgent need. Thanks Joshi Chandran Dustin Kirkland-2 wrote: > > I'm trying to solve a reproducible memory leak that manifests itself > with SSL + Apache2: > https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/224945 > > Valgrind, plus our own research, points to a possible memory leak in > crypto/comp/c_zlib.c in libssl0.9.8g. > > We see: > struct zlib_state *state = -> (struct zlib_state > *)OPENSSL_malloc(sizeof(struct zlib_state)); > allocating the data. > > However, it does not seem that a zlib_stateful_free_ex_data() is called > to free it. > > > Thanks, > :-Dustin > > Dustin Kirkland > Ubuntu Server Developer > Canonical, LTD > GPG: 1024D/83A61194 > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] > > -- View this message in context: http://www.nabble.com/possible-memory-leak-in-zlib-compression-tp17190287p20280458.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
