[openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory
Michel via RT
rt at openssl.org
Fri Dec 11 23:40:56 UTC 2015
Hello Kurt,
I finally managed to compile a debug 1.1.0 version.
(I manually modified the makefile)
:-(
Anyway, I can confirm the patch you send to me fixes the first memory leak case.
BUT,
You are right, we should not free g and N, because they are shared/referenced by the VBASE cache.
They will be freed by SRP_VBASE_free();
BUT (again) we need to free the *ID* of g and N, which was allocated and no longer in use or referenced elsewhere.
I believe the data structures should have been made differently such that they do not share only part of internal data.
That's why I did not call sk_SRP_gN_pop_free() in my first patch.
Here attached is an updated version of your patch that, I hope, can meet our first requirement.
As long as the memory is in a stable state, I think it is not mandatory to free immediatly the VBASE data in case of error.
We can let the caller decide what he wants to do. But it is just my opinion.
Thanks again,
Regards,
Michel
-----Message d'origine-----
De : openssl-dev [mailto:openssl-dev-bounces at openssl.org] De la part de Michel via RT
Envoyé : jeudi 10 décembre 2015 23:37
Cc : openssl-dev at openssl.org
Objet : [openssl-dev] TR: [openssl.org #4172] SRP VBASE stuff still leaking memory
Hello Kurt,
I was not able to 'configure' the master branch for debug-VC-WIN32.
I got the error message 'pick os/compiler from: ...
However I succeeded with VC-WIN32.
I guess this is something related to the new configure perl script and debug/non-debug options, but I am lost with perl.
Could you please help for this ?
Michel.
-----Message d'origine-----
De : openssl-dev [mailto:openssl-dev-bounces at openssl.org] De la part de Michel via RT Envoy : jeudi 10 d cembre 2015 17:00 Cc : openssl-dev at openssl.org Objet : Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory
Hi Kurt,
At first glance, it's a fact that your patch is better.
:-)
I should have thought to some of your improvement, like SRP_gN_new().
I will test it tonight and come back to you.
Many for thanks for your interrest in this matter,
Michel.
-----Message d'origine-----
De : Kurt Roeckx via RT [mailto:rt at openssl.org] Envoy : jeudi 10 d cembre 2015 15:38 : michel.sales at free.fr Cc : openssl-dev at openssl.org Objet : Re: [openssl-dev] [openssl.org #4172] SRP VBASE stuff still leaking memory
On Thu, Dec 10, 2015 at 03:19:54PM +0100, Kurt Roeckx wrote:
> On Thu, Dec 10, 2015 at 01:27:38PM +0100, Kurt Roeckx wrote:
> > On Thu, Dec 10, 2015 at 01:16:48PM +0100, Kurt Roeckx wrote:
> > > On Mon, Dec 07, 2015 at 03:47:56PM +0000, Michel via RT wrote:
> > > > Hi,
> > > >
> > > > Following my previous mail, here attached is an updated patch
> > > > against 1.02e to fix the SRP VBASE memory leaks.
> > >
> > > Can you confirm that this would be the correct patch for master?
> >
> > The following patch should at least compile.
>
> I fixed a few more things, cleaned up some things. New patch
> attached.
I think there is something wrong with new SRP_gN_free(). You now also free g and N, and it's not clear to me who the owner of those is. I think the cache is, in which case we should not free them.
I think the cache also isn't cleared, we should probably call
SRP_VBASE_free() when SRP_VBASE_init() fails.
Kurt
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: srp_vfy-1.1.0.patch
Type: application/octet-stream
Size: 4452 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151211/8c3bd296/attachment-0001.obj>
More information about the openssl-dev
mailing list