[openssl-users] BIO_do_connect memory leak in Arch Linux

Ryan Beethe ryan at splintermail.com
Mon Feb 5 04:01:59 UTC 2018


Hi openssl-users,

I found a memory leak in my program that arises from the use of the
BIO_do_connect() function.  It seems to be related to how openssl is
interacting with other packages on my system.  I observe this behavior
on my Arch Linux machine but not on my Debian Stretch machine.  I wrote
a minimal program that demonstrates the issue and attached the output of
valgrind of the same program.

The leak goes away if I comment out the BIO_do_connect() line, and based
on the output of valgrind the issue seems to have something to do with
the DNS resolving step.  I noticed using strace that the
same binary running on Arch Linux loads two libraries that don't get
loaded when running on Debian Stretch: "libnss_mymachines.so.2" and
"libnss_resolve.so.2".

Am I doing something wrong or is this a memory leak in openssl?

Thanks,

Ryan


------- leak.c: a minimal example program

// # compile with gcc 7.2.1:
// gcc -Wall -g -std=c99 -pedantic leak.c -lssl -lcrypto -o leak

#include <stdio.h>
#include <openssl/bio.h>

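int main(void){
    // unencrypted connection
    BIO* bio = BIO_new_connect("smtp.gmail.com:587");
    if(bio == NULL){
        fprintf(stderr, "BIO_new_connect failed\n");
        return 1;
    }

    // connect BIO (resolves the hostname, then opens the socket)
    if(BIO_do_connect(bio) <= 0){
        fprintf(stderr, "BIO_do_connect failed\n");
        BIO_free_all(bio);
        return 1;
    }

    // read some stuff
    char buffer[1024];
    int ret = BIO_read(bio, buffer, 1024 - 1);
    printf("read %d bytes:\n",ret);
    // BIO_read returns <= 0 on error or EOF; only print what was actually read
    if(ret > 0){
        fwrite(buffer, 1, ret, stdout);
    }

    BIO_free_all(bio);

    printf("exiting\n");
    return 0;
}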


---------- output of: valgrind --show-leak-kinds=all --leak-check=full ./leak

==6700== Memcheck, a memory error detector
==6700== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6700== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==6700== Command: ./leak
==6700==
read 52 bytes:
220 smtp.gmail.com ESMTP d26sm175472lja.54 - gsmtp
exiting
==6700==
==6700== HEAP SUMMARY:
==6700==     in use at exit: 7,365 bytes in 10 blocks
==6700==   total heap usage: 148 allocs, 138 frees, 118,960 bytes allocated
==6700==
==6700== 48 bytes in 1 blocks are still reachable in loss record 1 of 6
==6700==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==6700==    by 0x4011D85: tls_get_addr_tail (in /usr/lib/ld-2.26.so)
==6700==    by 0x4017447: __tls_get_addr (in /usr/lib/ld-2.26.so)
==6700==    by 0x65BBD1D: ??? (in /usr/lib/libnss_resolve.so.2)
==6700==    by 0x65D7711: ??? (in /usr/lib/libnss_resolve.so.2)
==6700==    by 0x65CE60C: _nss_resolve_gethostbyname4_r (in /usr/lib/libnss_resolve.so.2)
==6700==    by 0x566DFD8: gaih_inet.constprop.7 (in /usr/lib/libc-2.26.so)
==6700==    by 0x566EF03: getaddrinfo (in /usr/lib/libc-2.26.so)
==6700==    by 0x517160D: BIO_lookup_ex (b_addr.c:691)
==6700==    by 0x51716CD: BIO_lookup (b_addr.c:614)
==6700==    by 0x517C8BD: conn_state (bss_conn.c:123)
==6700==    by 0x517C8BD: conn_ctrl (bss_conn.c:360)
==6700==    by 0x5178F73: BIO_ctrl (bio_lib.c:529)
==6700==
==6700== 61 bytes in 2 blocks are still reachable in loss record 2 of 6
==6700==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==6700==    by 0x401AB9A: strdup (in /usr/lib/ld-2.26.so)
==6700==    by 0x40162EF: _dl_load_cache_lookup (in /usr/lib/ld-2.26.so)
==6700==    by 0x40089D1: _dl_map_object (in /usr/lib/ld-2.26.so)
==6700==    by 0x401377D: dl_open_worker (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x4013279: _dl_open (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BF10C: do_dlopen (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF1A6: dlerror_run (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF240: __libc_dlopen_mode (in /usr/lib/libc-2.26.so)
==6700==    by 0x56A6978: nss_load_library (in /usr/lib/libc-2.26.so)
==6700==
==6700== 61 bytes in 2 blocks are still reachable in loss record 3 of 6
==6700==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==6700==    by 0x400B468: _dl_new_object (in /usr/lib/ld-2.26.so)
==6700==    by 0x4005984: _dl_map_object_from_fd (in /usr/lib/ld-2.26.so)
==6700==    by 0x40086B0: _dl_map_object (in /usr/lib/ld-2.26.so)
==6700==    by 0x401377D: dl_open_worker (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x4013279: _dl_open (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BF10C: do_dlopen (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF1A6: dlerror_run (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF240: __libc_dlopen_mode (in /usr/lib/libc-2.26.so)
==6700==    by 0x56A6978: nss_load_library (in /usr/lib/libc-2.26.so)
==6700==
==6700== 720 bytes in 2 blocks are still reachable in loss record 4 of 6
==6700==    at 0x4C2EEF5: calloc (vg_replace_malloc.c:711)
==6700==    by 0x4010F03: _dl_check_map_versions (in /usr/lib/ld-2.26.so)
==6700==    by 0x4013822: dl_open_worker (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x4013279: _dl_open (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BF10C: do_dlopen (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF1A6: dlerror_run (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF240: __libc_dlopen_mode (in /usr/lib/libc-2.26.so)
==6700==    by 0x56A6978: nss_load_library (in /usr/lib/libc-2.26.so)
==6700==    by 0x56A71E8: __nss_lookup_function (in /usr/lib/libc-2.26.so)
==6700==    by 0x566DF76: gaih_inet.constprop.7 (in /usr/lib/libc-2.26.so)
==6700==
==6700== 2,379 bytes in 2 blocks are still reachable in loss record 5 of 6
==6700==    at 0x4C2EEF5: calloc (vg_replace_malloc.c:711)
==6700==    by 0x400B181: _dl_new_object (in /usr/lib/ld-2.26.so)
==6700==    by 0x4005984: _dl_map_object_from_fd (in /usr/lib/ld-2.26.so)
==6700==    by 0x40086B0: _dl_map_object (in /usr/lib/ld-2.26.so)
==6700==    by 0x401377D: dl_open_worker (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x4013279: _dl_open (in /usr/lib/ld-2.26.so)
==6700==    by 0x56BF10C: do_dlopen (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BFB63: _dl_catch_error (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF1A6: dlerror_run (in /usr/lib/libc-2.26.so)
==6700==    by 0x56BF240: __libc_dlopen_mode (in /usr/lib/libc-2.26.so)
==6700==    by 0x56A6978: nss_load_library (in /usr/lib/libc-2.26.so)
==6700==
==6700== 4,096 bytes in 1 blocks are still reachable in loss record 6 of 6
==6700==    at 0x4C2CEDF: malloc (vg_replace_malloc.c:299)
==6700==    by 0x65BBF48: ??? (in /usr/lib/libnss_resolve.so.2)
==6700==    by 0x65D7711: ??? (in /usr/lib/libnss_resolve.so.2)
==6700==    by 0x65CE60C: _nss_resolve_gethostbyname4_r (in /usr/lib/libnss_resolve.so.2)
==6700==    by 0x566DFD8: gaih_inet.constprop.7 (in /usr/lib/libc-2.26.so)
==6700==    by 0x566EF03: getaddrinfo (in /usr/lib/libc-2.26.so)
==6700==    by 0x517160D: BIO_lookup_ex (b_addr.c:691)
==6700==    by 0x51716CD: BIO_lookup (b_addr.c:614)
==6700==    by 0x517C8BD: conn_state (bss_conn.c:123)
==6700==    by 0x517C8BD: conn_ctrl (bss_conn.c:360)
==6700==    by 0x5178F73: BIO_ctrl (bio_lib.c:529)
==6700==    by 0x108954: main (leak.c:17)
==6700==
==6700== LEAK SUMMARY:
==6700==    definitely lost: 0 bytes in 0 blocks
==6700==    indirectly lost: 0 bytes in 0 blocks
==6700==      possibly lost: 0 bytes in 0 blocks
==6700==    still reachable: 7,365 bytes in 10 blocks
==6700==         suppressed: 0 bytes in 0 blocks
==6700==
==6700== For counts of detected and suppressed errors, rerun with: -v
==6700== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
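
---------- added example (not part of the original message)

One way to test the DNS hypothesis from the post: this program calls getaddrinfo()/freeaddrinfo() directly with no OpenSSL linked in, so running it under the same valgrind command shows whether the still-reachable blocks under nss_load_library appear without BIO_do_connect(). The helper name resolve_count, its flags parameter and the file name resolve.c are assumptions made for this example.

```c
/* Build:  gcc -Wall -g -std=c99 -pedantic resolve.c -o resolve
 * Run:    valgrind --show-leak-kinds=all --leak-check=full ./resolve */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* exposes getaddrinfo() under -std=c99 */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper: resolve host:port through getaddrinfo(), the call the
 * valgrind trace shows underneath BIO_lookup_ex(), free the result list, and
 * return the number of addresses found, or -1 if the resolver fails. */
int resolve_count(const char *host, const char *port, int flags)
{
    struct addrinfo hints, *res = NULL, *p;
    int n = 0, rc;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;      /* IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;  /* TCP, as a connect BIO uses */
    hints.ai_flags = flags;

    rc = getaddrinfo(host, port, &hints, &res);
    if (rc != 0) {
        fprintf(stderr, "getaddrinfo(%s): %s\n", host, gai_strerror(rc));
        return -1;
    }
    for (p = res; p != NULL; p = p->ai_next)
        n++;
    freeaddrinfo(res);  /* everything the caller owns is released here */
    return n;
}

int main(int argc, char **argv)
{
    /* Same host and port as leak.c unless another host is given. */
    const char *host = argc > 1 ? argv[1] : "smtp.gmail.com";
    int n = resolve_count(host, "587", 0);

    printf("%s: %d address(es)\n", host, n);
    return n < 0;
}
```

Passing AI_NUMERICHOST as flags with a literal IP address skips name resolution, which gives a baseline run to compare against.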

