
This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 121192
Status: open
Priority: 0/
Queue: Net-SSLeay

People
Owner: Nobody in particular
Requestors: Steffen_Ullrich [...] genua.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: memory leaks in OCSP handling - patch included
Hi, there are some small memory leaks in the OCSP handling. A tested patch against 1.81 is included. Regards, Steffen
Subject: Net-SSLeay-1.81.patch
diff -uw Net-SSLeay-1.81.orig/SSLeay.xs Net-SSLeay-1.81/SSLeay.xs --- Net-SSLeay-1.81.orig/SSLeay.xs 2017-03-04 05:25:15.000000000 +0100 +++ Net-SSLeay-1.81/SSLeay.xs 2017-04-16 20:17:30.345322482 +0200 @@ -5959,7 +5959,7 @@ OCSP_CERTID *id; int i; STRLEN len; - unsigned char *pc,*pi; + unsigned char *pi; if (!ssl) croak("not a SSL object"); ctx = SSL_get_SSL_CTX(ssl); @@ -5974,15 +5974,15 @@ if (!(issuer = find_issuer(cert,store,chain))) croak("cannot find issuer certificate"); if (!(id = OCSP_cert_to_id(EVP_sha1(),cert,issuer))) - croak("out of memory for generating OCSO certid"); - if (!(len = i2d_OCSP_CERTID(id,NULL))) + croak("out of memory for generating OCSP certid"); + + pi = NULL; + if (!(len = i2d_OCSP_CERTID(id,&pi))) croak("OCSP certid has no length"); - Newx(pc,len,unsigned char); - if (!pc) croak("out of memory"); - pi = pc; - i2d_OCSP_CERTID(id,&pi); - XPUSHs(sv_2mortal(newSVpv((char*)pc,len))); - Safefree(pc); + XPUSHs(sv_2mortal(newSVpvn((char *)pi, len))); + + free(pi); + OCSP_CERTID_free(id); } @@ -6204,6 +6204,7 @@ croak("%s", error); } } + OCSP_BASICRESP_free(bsr); if (!want_array) XPUSHs(sv_2mortal(newSViv(nextupd)));
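Review bot: in the `@@ -5974,15` hunk, `free(pi)` releases a buffer that `i2d_OCSP_CERTID(id,&pi)` allocated inside OpenSSL, so it should be `OPENSSL_free(pi)`; the two allocators are not guaranteed to match when OpenSSL is built or configured with its own memory functions. In the same hunk, `len` is declared `STRLEN` (unsigned) while the i2d call returns a negative int on failure, so `!(len = ...)` does not catch an encoding error and the wrapped value would be passed to `newSVpvn` as the length; take the result in an int and test `<= 0` before using it. The `croak("OCSP certid has no length")` path also still exits with `id` allocated, so `OCSP_CERTID_free(id)` belongs before that croak as well.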
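Review bot: in the `@@ -6204,6` hunk, the added `OCSP_BASICRESP_free(bsr)` is reached only when the preceding block runs to completion; the `croak("%s", error)` shown just above it exits first, so `bsr` still leaks whenever an error is reported. Free `bsr` immediately before that croak so the error path releases the response too.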
Subject: Re: [rt.cpan.org #121192] memory leaks in OCSP handling - patch included
Date: Sun, 16 Apr 2017 20:18:22 +0100
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Thanks. It will be a few weeks before I can test and apply this.

Cheers

Sent from my iPhone
> On 16 Apr 2017, at 7:30 pm, Steffen Ullrich via RT <bug-Net-SSLeay@rt.cpan.org> wrote: > > Sun Apr 16 14:30:14 2017: Request 121192 was acted upon. > Transaction: Ticket created by SULLR > Queue: Net-SSLeay > Subject: memory leaks in OCSP handling - patch included > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: Steffen_Ullrich@genua.de > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121192 > > > > Hi, > there are some small memory leaks in the OCSP handling. > A tested patch against 1.81 is included. > > Regards, > Steffen > diff -uw Net-SSLeay-1.81.orig/SSLeay.xs Net-SSLeay-1.81/SSLeay.xs --- Net-SSLeay-1.81.orig/SSLeay.xs 2017-03-04 05:25:15.000000000 +0100 +++ Net-SSLeay-1.81/SSLeay.xs 2017-04-16 20:17:30.345322482 +0200 @@ -5959,7 +5959,7 @@ OCSP_CERTID *id; int i; STRLEN len; - unsigned char *pc,*pi; + unsigned char *pi; if (!ssl) croak("not a SSL object"); ctx = SSL_get_SSL_CTX(ssl); @@ -5974,15 +5974,15 @@ if (!(issuer = find_issuer(cert,store,chain))) croak("cannot find issuer certificate"); if (!(id = OCSP_cert_to_id(EVP_sha1(),cert,issuer))) - croak("out of memory for generating OCSO certid"); - if (!(len = i2d_OCSP_CERTID(id,NULL))) + croak("out of memory for generating OCSP certid"); + + pi = NULL; + if (!(len = i2d_OCSP_CERTID(id,&pi))) croak("OCSP certid has no length"); - Newx(pc,len,unsigned char); - if (!pc) croak("out of memory"); - pi = pc; - i2d_OCSP_CERTID(id,&pi); - XPUSHs(sv_2mortal(newSVpv((char*)pc,len))); - Safefree(pc); + XPUSHs(sv_2mortal(newSVpvn((char *)pi, len))); + + free(pi); + OCSP_CERTID_free(id); } @@ -6204,6 +6204,7 @@ croak("%s", error); } } + OCSP_BASICRESP_free(bsr); if (!want_array) XPUSHs(sv_2mortal(newSViv(nextupd)));

