On Sun, Feb 12, 2017 at 08:35:10AM -0800, Kevin J. McCarthy wrote:
> On Sun, Feb 12, 2017 at 01:42:02PM +0100, Matthias Andree wrote:
> > On 12.02.2017 at 13:23, Matthias Andree wrote:
> > > All this certificate handling apparently introduces memory leaks. I
> > > first tried to get a hold of them with clang's address sanitizer, which
> > > seems somehow handicapped on Ubuntu 16.04, but valgrind seems useful
> > > enough even if it hogs down performance even more.
> >
> > Got it. The attached patch plugs the leak. If you use
> > X509_STORE_add_cert(), it makes a copy of the certificate we are
> > offering it, so we need to X509_free it afterwards.
>
> Excellent. Thanks for tracking that down - I should have looked more
> deeply to see if it was copying the cert or not.
>
> The PEM_read_X509() actually seems to be able to reuse the cert if we
> pass it as the second parameter: see check_certificate_by_digest().
> Using that same logic, how about if we fold this into the original patch
> instead:

Actually, since this loop has no break inside, it doesn't make sense to have the X509_free() after the loop. Let me see if I can make sure the PEM_read_X509() frees the cert even on EOF, and if so we can just pull the X509_free() completely out.

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA