Re: X509 memory leak (P)

Wed, 20 Nov 2002 02:31:05 -0800 

In message <1037725127.635.56.camel@fearless> on 19 Nov 2002 11:58:47 -0500, Tobias 
DiPasquale <[EMAIL PROTECTED]> said:

toby> I am writing some code that has to do some crypto, and I have come
toby> across a memory leak in OpenSSL resulting from the (possible mis-)use of
toby> the following code:
toby> 
toby> <snippet>
toby> char *cert_string;
toby> RSA *rsa;
toby> X509 *cert;
toby> EVP_PKEY *ekey;
toby> [...]
toby> /* 
toby>  * cert_string contains the text of the certificate 
toby>  */
toby> if (!(mem = BIO_new_mem_buf( cert_string, -1)))
toby>   return -1;
toby> if (!(cert = PEM_read_bio_X509( mem, NULL, NULL, NULL)))
toby> {
toby>   BIO_free( mem);
toby>   return -1;
toby> }
toby> ekey = X509_get_pubkey( cert);
toby> rsa = ekey->pkey.rsa;
toby> if (!rsa)
toby> {
toby>   BIO_free( mem);
toby>   X509_free( cert);
toby>   return -1;
toby> }
toby> [...]
toby> BIO_free( mem);
toby> RSA_free( rsa);
toby> X509_free( cert);
toby> </snippet>
toby> 
toby> I have tracked the leak down with gdb to be coming from the call to
toby> X509_get_pubkey(). The cert->cert_info->key->pkey member is NULL until I
toby> call that function, but then after the call, the pkey member and my ekey
toby> variable both point to the same place, a valid memory address.

Well, an EVP_PKEY is one of those structures that contains a reference
counter.  Since it has two references to it (one through
cert->cert_info->key->pkey and one through your ekey variable), the
counter is 2.  When you do X509_free(cert), that counter gets
decreased to 1, and the key is kept around, basically because ekey is
still pointing at it.  You need to add the following call:

EVP_PKEY_free(ekey);

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to