[openssl-dev] TR: [openssl.org #4172] SRP VBASE stuff still leaking memory

Michel via RT rt at openssl.org
Thu Dec 10 22:37:07 UTC 2015 

Hello Kurt,

I was not able to 'configure' the master branch for debug-VC-WIN32.
I got the error message 'pick os/compiler from: ...
However I succeeded with VC-WIN32.
I guess this is something related to the new configure perl script and debug/non-debug options, but I am lost with perl.

Could you please help for this ?

Michel.

-----Message d'origine-----
De : openssl-dev [mailto:openssl-dev-bounces at openssl.org] De la part de Michel via RT
Envoyé : jeudi 10 décembre 2015 17:00
Cc : openssl-dev at openssl.org
Objet : Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

Hi Kurt,

At first glance, it's a fact that your patch is better.
:-)
I should have thought to some of your improvement, like SRP_gN_new().

I will test it tonight and come back to you.

Many for thanks for your interrest in this matter,

Michel.

-----Message d'origine-----
De : Kurt Roeckx via RT [mailto:rt at openssl.org] Envoy  : jeudi 10 d cembre 2015 15:38   : michel.sales at free.fr Cc : openssl-dev at openssl.org Objet : Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory

On Thu, Dec 10, 2015 at 03:19:54PM +0100, Kurt Roeckx wrote:
> On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote:
> > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote:
> > > On Mon, Dec 07, 2015 at 03:47:56PM +0000, Michel via RT wrote:
> > > > Hi,
> > > > 
> > > > Following my previous mail, here attached is an updated patch 
> > > > against 1.02e to fix the SRP VBASE memory leaks.
> > > 
> > > Can you confirm that this would be the correct patch for master?
> > 
> > The following patch should at least compile.
> 
> I fixed a few more things, cleaned up some things.  New patch 
> attached.

I think there is something wrong with new SRP_gN_free().  You now also free g and N, and it's not clear to me who the owner of those is.  I think the cache is, in which case we should not free them.
I think the cache also isn't cleared, we should probably call
SRP_VBASE_free() when SRP_VBASE_init() fails.


Kurt



_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

More information about the openssl-dev mailing list