cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Proposed fix for OpenSSL memory leaks.

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 8 Mar 2012 21:14:04 +0100 (CET)

On Wed, 29 Feb 2012, λΙΣΕΜΨΗΟΧ εΧΗΕΞΙΚ wrote:

Thanks for your report and help!

So we've been building curl with SSL since 1998, since even before OpenSSL was
called OpenSSL and we *still* have memory leaks. That has to say something
about the state of the API and its documentation...

> Current version of cURL lib compiled with OpenSSL( + zlib) have some
> memory leaks in multi-thread scenario.
>
> The first mem leak - incorrect OpenSLL cleaning in easy interface (function
> curl_easy_cleanup()). The old versions of cURL (in curl_easy_cleanup()) had
> call of ERR_remove_??? OpenSSL method. For single-theraded app this mem pool
> will be cleaned in curl_global_cleanup(), but multi-thread app have memore
> leaks. I propose such fix for multithreading:

> curl_easy_cleanup_multithreads() is the external interface to
> cleaning/freeing the given * easy handle.

Are you really suggesting a separate cleanup call when the library is used
multi-threaded? We really cannot accept that and it would be far too error
prone. We must make the fix work with the existing API and calling
conventions.

Is there a reason we can't just call ERR_remove_thread_state() or
ERR_remove_state() in the existing function?

> /* If SSLeay exists */
> #if defined(USE_SSLEAY)

... but we don't do OpenSSL calls in any other source code than lib/ssluse.c.
It needs to be done properly.

> Second mem leak. OpenSSL 1.0.0 have mem stack for compression
> algorithms - ssl_comp_methods (file ssl_chip.c), but never free it! We
> can do such cleaning in curl_global_cleanup(), for example:

Are you sure about this? Isn't this rather an OpenSSL bug if that is the case?

Can you provide any further information about this?

> #if defined(USE_SSLEAY)

Similarly, the OpenSSL using code must be moved to the correct place.

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-08