X509_STORE_free leaks an X509_LOOKUP_METHOD
Matt Caswell
matt at openssl.org
Thu Oct 12 07:17:54 UTC 2023
On 11/10/2023 20:51, Chris Bare wrote:
> Running the attached program under valgrind I get:
> ==1836773== 11,979 (9,504 direct, 2,475 indirect) bytes in 99 blocks are
> definitely lost in loss record 23 of 23
> ==1836773== at 0x4848899: malloc (in
> /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==1836773== by 0x4DBE26D: CRYPTO_zalloc (in
> /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
> ==1836773== by 0x4E31134: X509_LOOKUP_meth_new (in
> /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
> ==1836773== by 0x10930C: make_store (test.c:26)
> ==1836773== by 0x1093B9: main (test.c:50)
>
> If I call X509_LOOKUP_meth_free where I have it commented out then I get:
> ==1837066== Invalid read of size 8
> ==1837066== at 0x4E2E74D: X509_LOOKUP_shutdown (in
> /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
> ==1837066== by 0x4E368B7: X509_STORE_free (in
> /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
> ==1837066== by 0x10940E: main (test.c:52)
>
> Am I doing something wrong, or is this a bug in X509_STORE_free?
The X509_LOOKUP_METHOD must outlive and remain valid for the entire
lifetime of the X509_STORE. So you must not call X509_STORE_add_lookup()
and then immediately free the method you just added. Instead you should
call X509_LOOKUP_meth_free() *after* X509_STORE_free().
Matt