[openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

Michel via RT rt at openssl.org
Thu Dec 10 16:00:06 UTC 2015


Hi Kurt,

At first glance, it's a fact that your patch is better.
:-)
I should have thought of some of your improvements, like SRP_gN_new().

I will test it tonight and come back to you.

Many thanks for your interest in this matter,

Michel.

-----Original Message-----
From: Kurt Roeckx via RT [mailto:rt at openssl.org]
Sent: Thursday, December 10, 2015 15:38
To: michel.sales at free.fr
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

On Thu, Dec 10, 2015 at 03:19:54PM +0100, Kurt Roeckx wrote:
> On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote:
> > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote:
> > > On Mon, Dec 07, 2015 at 03:47:56PM +0000, Michel via RT wrote:
> > > > Hi,
> > > > 
> > > > Following my previous mail, here attached is an updated patch 
> > > > against 1.02e to fix the SRP VBASE memory leaks.
> > > 
> > > Can you confirm that this would be the correct patch for master?
> > 
> > The following patch should at least compile.
> 
> I fixed a few more things, cleaned up some things.  New patch 
> attached.

I think there is something wrong with the new SRP_gN_free().  You now also free g and N, and it's not clear to me who the owner of those is.  I think the cache is, in which case we should not free them.
I think the cache also isn't cleared; we should probably call
SRP_VBASE_free() when SRP_VBASE_init() fails.


Kurt




