Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Finish memory leak #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Finish memory leak #27

wants to merge 1 commit into from

Conversation

kazuho
Copy link
Member

@kazuho kazuho commented Sep 9, 2019

As reported in #26.

Differences from tatsuhiro-t@003de52 are:

  • NULL check of exdata has been omitted, as that is checked within get_privsep_data
  • all use of rsa_finish has been surrounded by NEVERBLEED_OPAQUE_RSA_METHOD

@omasanori Would you mind reviewing this PR?

Previously BN_MONT_CTX objects were not freed.  The default RSA method
uses static function rsa_ossl_finish() to free them.  This fix gets
the reference to the function and call it from our finish function.
@omasanori
Copy link
Contributor

@kazuho Sure.

Copy link
Contributor

@omasanori omasanori left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In principle, I am happy with this change. However, I doubt if it affects newer OpenSSL only. Please consider my comments below.

@@ -1431,6 +1439,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
#ifdef NEVERBLEED_OPAQUE_RSA_METHOD
rsa_default_method = RSA_PKCS1_OpenSSL();
rsa_method = RSA_meth_dup(rsa_default_method);
rsa_finish = RSA_meth_get_finish(rsa_method);
Copy link
Contributor

@omasanori omasanori Sep 11, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I may miss some context, but I don't know why this and other changes are only for newer OpenSSL since RSA_METHOD has int (*finish) (RSA *rsa); even before OpenSSL 1.1.0. If there is no specific reasons, I would suggest putting rsa_finish = rsa_default_method->finish; in #else -- #endif below for older versions.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that, while getting the finish function pointer from the default method and doing from a clone of it is the same, the former might be better for consistency if you approve my comment.

@@ -1229,13 +1229,21 @@ __attribute__((noreturn)) static void *daemon_close_notify_thread(void *_close_n
_exit(0);
}

#ifdef NEVERBLEED_OPAQUE_RSA_METHOD
static int (*rsa_finish)(RSA *rsa);
Copy link
Contributor

@omasanori omasanori Sep 11, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you make the change in neverbleed_init also for !NEVERBLEED_OPAQUE_RSA_METHOD, this declaration should be moved out of #ifdef.

static int priv_rsa_finish(RSA *rsa)
{
struct st_neverbleed_rsa_exdata_t *exdata;
struct st_neverbleed_thread_data_t *thdata;

get_privsep_data(rsa, &exdata, &thdata);

#ifdef NEVERBLEED_OPAQUE_RSA_METHOD
rsa_finish(rsa);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants