On 12.02.2017 at 13:23, Matthias Andree wrote:
> All this certificate handling apparently introduces memory leaks. I
> first tried to get a hold of them with clang's address sanitizer, which
> seems somehow handicapped on Ubuntu 16.04, but valgrind seems useful
> enough even if it hogs down performance even more.

Got it. The attached patch plugs the leak. If you use
X509_STORE_add_cert(), it makes a copy of the certificate we are
offering it, so we need to X509_free it afterwards.
exporting patch:
# HG changeset patch
# User Matthias Andree <matthias.and...@gmx.de>
# Date 1486903270 -3600
#      Sun Feb 12 13:41:10 2017 +0100
# Node ID 3bf43219f533d517161ca7649d2391c01f329bbf
# Parent  f8f1ea5a46b64165f462f8879bb6686911713777
Plug memory leak in weed-expired-certs code.

X509_STORE_add_cert() creates a copy of the certificate we're offering,
so we need to free our copy afterwards.  This isn't documented, but from
observed behaviour in OpenSSL 1.0.2 and its master branch source code.

diff --git a/mutt_ssl.c b/mutt_ssl.c
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -118,10 +118,12 @@
     {
       dprint (2, (debugfile, "ssl_load_certificates: filtering expired cert: %s\n",
               X509_NAME_oneline (X509_get_subject_name (cert), buf, sizeof (buf))));
-      X509_free (cert);
     }
     else
+    {
       X509_STORE_add_cert (store, cert);
+    }
+    X509_free (cert);
   }
   safe_fclose (&fp);
 
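Review bot: the return value of X509_STORE_add_cert (store, cert) in the else branch is still ignored, so a certificate that fails to load into the store is dropped without any trace. Freeing unconditionally after the if/else is correct in both branches, since the expired path freed the certificate before and the store path now releases the caller's reference as well, but consider logging the failure case with a dprint in the same style as the expired-cert message, e.g. testing `if (!X509_STORE_add_cert (store, cert))`. Because the commit message says the ownership behaviour is undocumented, a one-line comment above `X509_free (cert);` stating that the store keeps what it needs would stop a later cleanup from moving the free back into the expired branch only.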
