On Tue, Aug 31, 2004, Carlos Roberto Zainos H wrote:

> Hi guys and hi Eric !
>  
> I have been tested my app again and again and following the Dr Stephen 
> recommendations, I discovered that the BIO's are not the problem, all they points to 
> NULL after them has been freed.
>  
> I think the problem could be in freeing the other structures .........
> I have a main Windows service server (Win XP Professional, Visual C++ 6.0 compiler) 
> and Openssl 0.9.7d based, which by means of a call to a 
> CreateThread(...(LPTHREAD_START_ROUTINE) servicio...) function begins a routine 
> called "servicio" which receive a CSR sent by the "client app".
> The "servicio" routine makes something like:
> X509 *x=NULL, *xreq=NULL, **b=NULL;
> X509_REQ *req=NULL, **sr=NULL; 
> EVP_PKEY *pubkey_ai=NULL;
> ASN1_INTEGER *serial=NULL;
> ASN1_GENERALIZEDTIME *N_after_gmt=NULL, **out_asn=NULL;
> BIO *in=NULL, *incer=NULL, *buf=NULL;
>  
>  // "x" for the signer cert, "xreq" is the new cert an "b" is for decode the signer 
> cert via PEM_read_bio_X509(in,b,NULL,NULL )
> // "req" is the CSR received, "sr" is for decode the CSR via 
> PEM_read_bio_X509_REQ(incer,sr,NULL,NULL)
> X509_NAME *dn=NULL;
>  
> The CSR is decoded, the client pubkey is extracted from it and a new X509 structure 
> is filled with appropriate info. The DB is updated and the client receive an 
> notification, all this works very good. The problem is when I try to free the used 
> structures before exit of "servicio".
>  
> X509_NAME_free(dn); // frees the dn = X509_NAME_new() of the new cert.
> EVP_PKEY_free(pubkey_ai); //the signer public key used to verify the CSR
> ASN1_INTEGER_free(serial); //the serial of the new cert
> ASN1_GENERALIZEDTIME_free(N_after_gmt); //the adjust of the new cert
> BIO_set_close(in, BIO_CLOSE); //this is more efficient, instead only BIO_free()
> res = BIO_free(in);
> BIO_set_close(incer, BIO_CLOSE);
> res = BIO_free(incer);
> BIO_set_close(buf, BIO_CLOSE);
> res = BIO_free(buf);
> X509_REQ_free(req);
> X509_free(xreq);
> //X509_free(x); <- this breaks my server 
>  
> So, I don't understand why after 100 consecutive connections the memory grows up 4.5 
> Kb .... something is not being freed, (bios are not problem) how can I see if the 
> structures are freed?? (points to NULL)
>  
> I need that my server coul be stable (no memory leak)
> Help needed!!!
>  

When you call X509_free() you automatically free up all the internal parts of
a certificate. You shouldn't free them individually because that will result
in a double free.

There are some exceptions such as a public key extracted from a certificate
which has a reference count incremented: you *should* free that up.

You might want to try the OpenSSL internal leak detection which is more geared
to tracing leaks in OpenSSL applications.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to