Sorry about replying to myself, but here is the fix I propose:
In SSL_dup (ssl_lib.c), add the lines marked with // MPZ after them.
    if (s->session != NULL)
        {
        /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert'
         */
        SSL_copy_session_id(ret,s);
        }
    else
        {
        /* No session has been established yet, so we have to expect
         * that s->cert or ret->cert will be changed later --
         * they should not both point to the same object,
         * and thus we can't use SSL_copy_session_id. */
        ret->method = s->method;
        ret->method->ssl_new(ret);
        // FIX in this statement
        if (s->cert != NULL)
            {
            if (ret->cert != NULL) { // MPZ
                ssl_cert_free(ret->cert); // MPZ
            } // MPZ
            ret->cert = ssl_cert_dup(s->cert);
            if (ret->cert == NULL)
                goto err;
            }
        // Original code
        // if (s->cert != NULL)
        //     {
        //     ret->cert = ssl_cert_dup(s->cert);
        //     if (ret->cert == NULL)
        //         goto err;
        //     }
        SSL_set_session_id_context(ret,
            s->sid_ctx, s->sid_ctx_length);
        }
Regards,
Mike
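To make the leak and the fix concrete, here is a self-contained model of the two code paths described in this thread. It is added example code, not OpenSSL's own source: the CERT, SSL and SSL_CTX structs, cert_dup/cert_free and the counter live_certs are constructed stand-ins, and ssl_dup_leaky/ssl_dup_fixed are hypothetical names for the original and patched SSL_dup logic. ssl_new() duplicates the context's cert into the fresh SSL, exactly as the report describes; ssl_dup_leaky() then overwrites that pointer, while ssl_dup_fixed() frees it first. The live-object counter plays the role purify played in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for OpenSSL's structures (example code, not OpenSSL's). */
typedef struct cert_st    { char label[32]; } CERT;
typedef struct ssl_ctx_st { CERT *cert; }     SSL_CTX;
typedef struct ssl_st     { CERT *cert; }     SSL;

/* CERT blocks allocated and not yet freed: the "purify" counter of this model. */
static int live_certs = 0;

static CERT *cert_new(const char *label)
{
    CERT *c = calloc(1, sizeof(*c));
    if (c == NULL) return NULL;
    strncpy(c->label, label, sizeof(c->label) - 1);
    live_certs++;
    return c;
}

/* Models ssl_cert_dup: every call yields a fresh block that must be freed. */
static CERT *cert_dup(const CERT *c) { return c ? cert_new(c->label) : NULL; }

/* Models ssl_cert_free. */
static void cert_free(CERT *c)
{
    if (c == NULL) return;
    live_certs--;
    free(c);
}

/* Models SSL_new: the new SSL starts with a private copy of ctx->cert ("block A"). */
static SSL *ssl_new(SSL_CTX *ctx)
{
    SSL *s = calloc(1, sizeof(*s));
    if (s == NULL) return NULL;
    s->cert = cert_dup(ctx->cert);
    return s;
}

static void ssl_free(SSL *s)
{
    if (s == NULL) return;
    cert_free(s->cert);
    free(s);
}

/* Original pattern: ret->cert (filled by ssl_new) is overwritten by a second
 * duplicate, so the first copy is orphaned and never freed. */
static SSL *ssl_dup_leaky(SSL_CTX *ctx, SSL *s)
{
    SSL *ret = ssl_new(ctx);
    if (ret == NULL) return NULL;
    if (s->cert != NULL)
        ret->cert = cert_dup(s->cert);      /* old ret->cert leaks here */
    return ret;
}

/* Proposed fix: release the context-derived copy before replacing it. */
static SSL *ssl_dup_fixed(SSL_CTX *ctx, SSL *s)
{
    SSL *ret = ssl_new(ctx);
    if (ret == NULL) return NULL;
    if (s->cert != NULL) {
        if (ret->cert != NULL)
            cert_free(ret->cert);           /* the added "MPZ" lines */
        ret->cert = cert_dup(s->cert);
        if (ret->cert == NULL) { ssl_free(ret); return NULL; }
    }
    return ret;
}

/* Runs one create/dup/free cycle and returns the number of CERT blocks still
 * live at the end: 0 means no leak, 1 means one block was orphaned.
 * Returns -1 if the duplicate did not carry the SSL's own cert. */
int leaked_certs_after(int use_fix)
{
    live_certs = 0;
    SSL_CTX ctx = { cert_new("ctx-cert") };
    SSL *s = ssl_new(&ctx);
    cert_free(s->cert);
    s->cert = cert_new("ssl-cert");         /* per-connection cert differs from ctx's */

    SSL *ret = use_fix ? ssl_dup_fixed(&ctx, s) : ssl_dup_leaky(&ctx, s);
    /* In both variants the SSL's cert takes precedence over the context's. */
    int copied_ssl_cert = ret != NULL && strcmp(ret->cert->label, "ssl-cert") == 0;

    ssl_free(ret);
    ssl_free(s);
    cert_free(ctx.cert);
    return copied_ssl_cert ? live_certs : -1;
}

int main(void)
{
    printf("leaked CERT blocks without fix: %d\n", leaked_certs_after(0));
    printf("leaked CERT blocks with fix:    %d\n", leaked_certs_after(1));
    return 0;
}
```

The model also answers the precedence question in passing: in both variants the duplicate ends up holding a copy of the SSL's own cert, not the context's, so the fix changes only whether the intermediate context copy is released, not which cert wins.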
> -----Original Message-----
> From: Mike Zeoli [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 11, 2000 6:12 PM
> To: OpenSSL Users List (E-mail)
> Subject: SSL_dup() memory leak?
>
>
> Hi all, I think I've found a memory leak in SSL_dup() and I'd like some
> confirmation from someone who knows the code well. (This is for OpenSSL 0.9.6
> on Win2000 btw)
>
> SSL_dup calls SSL_new with the original SSL*'s context. SSL_new calls
> ssl_cert_dup to duplicate the memory pointed to by context->cert, and
> assigns that new block (we'll call it block A) to the new SSL's ->cert
> pointer.
>
> Later, continuing in SSL_dup, ssl_cert_dup is called again to copy the
> original SSL*'s cert; this block is then assigned to the SSL's (now called
> ret) ->cert pointer, thus causing block A (above) to no longer have
> any references to it, thus leaking the memory.
>
> The net effect is that any EVP_PKEYs and X509s associated with the context
> never get freed because the leaked CERT (above) still holds a reference to
> them.
>
> A possible solution: in SSL_dup, before copying the original SSL*'s ->cert
> pointer, check if one has been copied already (from the context) and free
> that memory before doing the ssl_cert_dup.
>
> Is this a legitimate leak, or am I missing something?
>
> What is the philosophy behind the code? I mean, should the ->cert data from
> the original SSL* take precedence over the ->cert data from the context? I'm
> going to hack a temporary fix in so purify doesn't bark at me anymore.
>
> Regards,
> Mike
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>