Project

General

Profile

Actions
Copy link

Bug #9743

closed

memory leak in openssl ossl_pkey_verify leaks memory

Added by tux (Joel Westerberg) over 10 years ago. Updated over 9 years ago.

Status:
Closed
Assignee:
zzak (zzak _)
Target version:
-
ruby -v:
2.2.0
Backport:
1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE
[ruby-core:62038]

Description

repeated calls to pub_key.verify(digest, signature, data) leaks memory.

from what I can gather from the openssl documentation, there seems to be a missing call to EVP_MD_CTX_cleanup()

FILE: ossl_pkey.c

326    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
327    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
328    case 0:

from the openssl docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.
Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.

Related issues 2 (0 open2 closed)

Related to Backport200 - Backport #9746: backport r45595Closednagachika (Tomoyuki Chikanaga)04/16/2014Actions
Related to Ruby master - Bug #9984: OpenSSL::TestPKeyRSA#test_sign_verify_memory_leak timeouts on ARMClosednagachika (Tomoyuki Chikanaga)06/27/2014Actions
Actions
Copy link
 #1 [ruby-core:62042]

Updated by nobu (Nobuyoshi Nakada) over 10 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset r45595.

ossl_pkey.c: fix memory leak

  • ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
    finalizes only a copy of the digest context, the context must be
    cleaned up after initialization by EVP_MD_CTX_cleanup() or a
    memory leak will occur. [ruby-core:62038] [Bug #9743]
Actions
Copy link
 #2 [ruby-core:62043]

Updated by nobu (Nobuyoshi Nakada) over 10 years ago

  • Description updated (diff)
  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED
Actions
Copy link
 #3 [ruby-core:62362]

Updated by nagachika (Tomoyuki Chikanaga) over 10 years ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: DONE

r45595 was backported into ruby_2_1 at r45821.

Actions
Copy link
 #4 [ruby-core:62450]

Updated by usa (Usaku NAKAMURA) over 10 years ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: DONE to 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE

backported into ruby_2_0_0 at r45868.

Actions
Copy link
 #5 [ruby-core:62453]

Updated by usa (Usaku NAKAMURA) over 10 years ago

Actions
Copy link
 #6 [ruby-core:63330]

Updated by vo.x (Vit Ondruch) over 10 years ago

This is causing test suite timeout on Fedora Rawhide ARM builder :/

https://kojipkgs.fedoraproject.org//work/tasks/4012/7074012/build.log

Actions
Copy link
 #7 [ruby-core:63369]

Updated by vo.x (Vit Ondruch) over 10 years ago

  • Related to Bug #9984: OpenSSL::TestPKeyRSA#test_sign_verify_memory_leak timeouts on ARM added
Actions
Copy link
 #8 [ruby-core:67857]

Updated by zzak (zzak _) almost 10 years ago

  • Status changed from Closed to Open
  • Assignee set to zzak (zzak _)
  • ruby -v changed from 2.1.1 to 2.2.0

Seeing this test failure on travis:
https://travis-ci.org/zzak/openssl/jobs/48587976

I think we should re-open this ticket until its resolved.

Actions
Copy link
 #9 [ruby-core:69456]

Updated by zzak (zzak _) over 9 years ago

  • Status changed from Open to Closed

The failure has been fixed, so we can close this ticket.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0