On Tue, Aug 31, 2004, Carlos Roberto Zainos H wrote: > Hi guys and hi Eric ! > > I have been tested my app again and again and following the Dr Stephen > recommendations, I discovered that the BIO's are not the problem, all they points to > NULL after them has been freed. > > I think the problem could be in freeing the other structures ......... > I have a main Windows service server (Win XP Professional, Visual C++ 6.0 compiler) > and Openssl 0.9.7d based, which by means of a call to a > CreateThread(...(LPTHREAD_START_ROUTINE) servicio...) function begins a routine > called "servicio" which receive a CSR sent by the "client app". > The "servicio" routine makes something like: > X509 *x=NULL, *xreq=NULL, **b=NULL; > X509_REQ *req=NULL, **sr=NULL; > EVP_PKEY *pubkey_ai=NULL; > ASN1_INTEGER *serial=NULL; > ASN1_GENERALIZEDTIME *N_after_gmt=NULL, **out_asn=NULL; > BIO *in=NULL, *incer=NULL, *buf=NULL; > > // "x" for the signer cert, "xreq" is the new cert an "b" is for decode the signer > cert via PEM_read_bio_X509(in,b,NULL,NULL ) > // "req" is the CSR received, "sr" is for decode the CSR via > PEM_read_bio_X509_REQ(incer,sr,NULL,NULL) > X509_NAME *dn=NULL; > > The CSR is decoded, the client pubkey is extracted from it and a new X509 structure > is filled with appropriate info. The DB is updated and the client receive an > notification, all this works very good. The problem is when I try to free the used > structures before exit of "servicio". > > X509_NAME_free(dn); // frees the dn = X509_NAME_new() of the new cert. > EVP_PKEY_free(pubkey_ai); //the signer public key used to verify the CSR > ASN1_INTEGER_free(serial); //the serial of the new cert > ASN1_GENERALIZEDTIME_free(N_after_gmt); //the adjust of the new cert > BIO_set_close(in, BIO_CLOSE); //this is more efficient, instead only BIO_free() > res = BIO_free(in); > BIO_set_close(incer, BIO_CLOSE); > res = BIO_free(incer); > BIO_set_close(buf, BIO_CLOSE); > res = BIO_free(buf); > X509_REQ_free(req); > X509_free(xreq); > //X509_free(x); <- this breaks my server > > So, I don't understand why after 100 consecutive connections the memory grows up 4.5 > Kb .... something is not being freed, (bios are not problem) how can I see if the > structures are freed?? (points to NULL) > > I need that my server coul be stable (no memory leak) > Help needed!!! >
When you call X509_free() you automatically free up all the internal parts of a certificate. You shouldn't free them individually because that will result in a double free. There are some exceptions such as a public key extracted from a certificate which has a reference count incremented: you *should* free that up. You might want to try the OpenSSL internal leak detection which is more geared to tracing leaks in OpenSSL applications. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]