Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WolfSSL memory leak #6616

Closed
gvanem opened this issue Feb 17, 2021 · 0 comments
Closed

WolfSSL memory leak #6616

gvanem opened this issue Feb 17, 2021 · 0 comments
Assignees
@bagder
Labels
memory-leak TLS

Comments

@gvanem
Copy link
Contributor

gvanem commented Feb 17, 2021

I did this

  • Build everything with MSVC-2019 (Release) from a fresh git pull 2 hours and with:
    -DCURLDEBUG=1 -DDEBUGBUILD=1 -DCURL_WITH_MULTI_SSL in my CFLAGS.

  • Added these env-vars:

    • c:\> set CURL_SSL_BACKEND=wolfssl and
    • c:\> set CURL_MEMDEBUG=f:\gv\tmp\memdebug.curl

  • Commented out random-file and cacert in my %APPDATA%/curlrc and then ran some curl commands with
    perl test/memanalyze.pl in between:

curl.exe -oNUL https://www.vg.no:

At df4f480, there's 36 bytes. 
 allocated by vtls/vtls.c:165
At dfe0980, there's 15 bytes.
 allocated by vtls/vtls.c:510

curl.exe -oNUL https://www.vg.no --random-file f:\gv\tmp\.rand:

At da03928, there's 36 bytes.
 allocated by vtls/vtls.c:165
At e080490, there's 10 bytes.
 allocated by vtls/vtls.c:510
At e080580, there's 16 bytes.
 allocated by vtls/vtls.c:167

Definitely an issue with CLONE_STRING(random_file). Not sure about the 2 others.

It seems Curl_free_primary_ssl_config() isn't always called for WolfSSL. Not sure how that should happen since the comment in vtls/wolfssl.c:

  static void wolfssl_session_free(void *ptr)
  {
    (void)ptr;
    /* wolfSSL reuses sessions on own, no free */
  }

made me wonder if the leak was caused by WolfSSL (I think not).

I expected the following

A perl test/memanalyze.pl to report no memory leaks.

curl/libcurl version

curl 7.76.0-DEV (i386-pc-win32) libcurl/7.76.0-DEV wolfSSL/4.5.0 (mbedTLS/2.25.0) (OpenSSL/3.0.0) (Schannel (crustls/0.2.0/rustls/0.19.0) zlib/1.2.11 brotli/1.0.0 zstd/1.4.4 c-ares/1.17.0 WinIDN libssh2/1.9.0_DEV librtmp/2.3 Hyper/0.14.2
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Debug HTTP2 IDN IPv6 Kerberos Largefile MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP TrackMemory UnixSocket s alt-svc brotli libz zstd

operating system

Windows-10, 20H2 (Build 19042.802).
@bagder bagder self-assigned this Feb 17, 2021
bagder added a commit that referenced this issue Feb 17, 2021
@bagder
wolfssl: don't store a NULL sessionid
82a351a 
This caused a memory leak as the session id cache entry was still
erroneously stored with a NULL sessionid and that would later be treated
as not needed to get freed.

Reported-by: Gisle Vanem
Fixes #6616
@bagder bagder mentioned this issue Feb 17, 2021
Closed
@bagder bagder closed this as completed in bc928be Feb 17, 2021
@aarond10 aarond10 mentioned this issue Apr 27, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bagder bagder

Labels
memory-leak TLS
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

wolfssl: don't store a NULL sessionid curl/curl
2 participants
@bagder @gvanem