[openssl-users] calloc vs kssl_calloc

Geoffrey Coram gjcoram at gmail.com
Fri Sep 30 12:11:45 UTC 2016

On Mon, Sep 26, 2016 at 12:11 PM, Benjamin Kaduk <bkaduk at akamai.com> wrote:

> On 09/26/2016 11:01 AM, Salz, Rich wrote:
> Kssl_calloc calls openssl_malloc which means the data must be free'd with openssl_free. And in debug builds any non-free'd data is a leak and reported.  Ton line 875 the data is allocated and never free'd, so it skips the leak detection.   In some of those other places, perhaps it's because the KRB API needs something it can free or realloc?  I'm not sure.
> It doesn't look like the allocated memory is used as input to a krb5
> routine, so I think it's just a bug.
Is there something more I should do on this issue?  I recall the OpenSSL
terms of use strongly discouraged people from the US from helping, due to
US export restrictions.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160930/52e9e239/attachment-0001.html>

More information about the openssl-users mailing list