> hi all,
> We are using openssl 0.9.8g with our product and everything
> worked fine till now. We are now trying to check memory leak
> in our code using Purify. But unfortunately our executable core
> dumped soon after it called PKCS12_parse(). I have attached the
> entire purify log file. please let me know what am missing here.

> -Thanks and Regards,
> -Sanjith.

It looks like purify found a bug in your code. You need to debug it. The log
says:

MSE: Memory segment error:
        DES_ofb64_encrypt [libcrypto.a]
        des_ede_cbc_cipher [e_des3.c]
        EVP_EncryptUpdate [libcrypto.a]
        EVP_CipherUpdate [libcrypto.a]
        PKCS12_pbe_crypt [libcrypto.a]
        PKCS12_item_decrypt_d2i [libcrypto.a]
        parse_bag      [p12_kiss.c]
        parse_bags     [p12_kiss.c]
        PKCS12_parse   [libcrypto.a]
        testParseKeystore [zuopenssl.c:265]
        testGetLocalHostPrivateKeyFromKeystore [zuopenssl.c:398]

So your code called PKCS12_parse which eventually called a DES function with
a bad pointer. Most likely, this is because there is something wrong with the
PKCS12 structure you passed to PKCS12_parse, but there's no way for us to
tell.

At least, that would be the most obvious explanation. It could always be
something weirder. We can't debug the code in zuopenssl.c without being able
to see it.

You have gotten the first piece of evidence that there is something wrong
with your code. So start debugging it.

There is a large family of bugs that are almost always harmless in release
builds but fatal in some kinds of debug builds. For example, if you allocate
121 bytes of memory but write 122 bytes, a release build will almost always
wind up actually allocating at least 122 bytes, so the overwrite will be
harmless. A debug build tries to consider any write to memory that was never
allocated fatal -- since it's never something you're supposed to do.

You have likely encountered a bug in that family of bugs. Almost always
harmless in release, possibly fatal in special debug builds. Find it, and
fix it. If it's of the "always harmless" variety, then your code will just
be nicer. If it's of the "almost always harmless" variety, then finding and
fixing it may well prevent rare, hard-to-debug crashes in your release code.

It could also turn out to be a bug in OpenSSL. If you suspect this, try to
provide a compact example program that replicates this problem, and post it
to the list. (Or debug it yourself if you can.) But start out checking the
code right before the call to PKCS12_parse. There's at least an 80% chance
that's where the problem is.

DS
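The "allocate 121 bytes, write 122" bug family described in the reply, shown as an added example that is not part of the original message and is not OpenSSL or Purify code. The guarded allocator (`guarded_alloc`, `guarded_check`, `guarded_free`) is a toy stand-in for what a debug heap does: it pads every allocation with a fill pattern and reports how many pad bytes were clobbered. `overflow_bytes` constructs a string of the requested length and copies it with its terminating NUL into a buffer that was sized either from `strlen()` (the bug) or `strlen() + 1` (the fix); on a plain release heap the one-byte overrun would usually go unnoticed, which is exactly why such bugs surface only under a checker.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy debug heap: every allocation gets GUARD_LEN bytes of fill after the
   user region, so a write past the end lands in the guard and is detectable
   instead of silently corrupting the next heap block. (Assumed design, not
   how Purify or any real allocator is implemented.) */
#define GUARD_LEN  16
#define GUARD_BYTE 0xA5

typedef struct {
    size_t user_len;        /* bytes the caller asked for */
    unsigned char *base;    /* user_len + GUARD_LEN bytes */
} guarded_buf;

guarded_buf guarded_alloc(size_t n)
{
    guarded_buf g;
    g.user_len = n;
    g.base = malloc(n + GUARD_LEN);
    if (g.base == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }
    memset(g.base + n, GUARD_BYTE, GUARD_LEN);   /* lay down the guard */
    return g;
}

/* Returns the number of guard bytes that no longer hold the fill pattern;
   0 means no overrun was observed. */
size_t guarded_check(const guarded_buf *g)
{
    size_t bad = 0;
    for (size_t i = 0; i < GUARD_LEN; i++) {
        if (g->base[g->user_len + i] != GUARD_BYTE)
            bad++;
    }
    return bad;
}

void guarded_free(guarded_buf *g)
{
    free(g->base);
    g->base = NULL;
}

/* Builds a constructed sample string of `len` 'A' characters, copies it
   (including the NUL terminator, i.e. len + 1 bytes) into a guarded buffer
   and reports how many guard bytes were overwritten.
   use_fixed == 0: buffer sized from strlen()      -> the off-by-one bug
   use_fixed != 0: buffer sized from strlen() + 1  -> the corrected code */
size_t overflow_bytes(size_t len, int use_fixed)
{
    char *src = malloc(len + 1);
    if (src == NULL) {
        perror("malloc");
        exit(EXIT_FAILURE);
    }
    memset(src, 'A', len);
    src[len] = '\0';

    size_t alloc_len = use_fixed ? len + 1 : len;
    guarded_buf g = guarded_alloc(alloc_len);
    memcpy(g.base, src, len + 1);        /* writes len + 1 bytes */

    size_t bad = guarded_check(&g);
    guarded_free(&g);
    free(src);
    return bad;
}

int main(void)
{
    printf("buggy copy of 121 chars: %zu guard byte(s) clobbered\n",
           overflow_bytes(121, 0));
    printf("fixed copy of 121 chars: %zu guard byte(s) clobbered\n",
           overflow_bytes(121, 1));
    return 0;
}
```

The buggy variant clobbers exactly one guard byte (the NUL written at offset 121 of a 121-byte buffer); the fixed variant clobbers none. Sizing from `strlen()` without the `+ 1` is the classic shape of this family, and it is the kind of defect to look for in the code that builds the PKCS12 structure before `PKCS12_parse()` is called.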


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
