Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing resource release of function SSL_CTX_new() #81

Open
lc3412 opened this issue Jul 16, 2020 · 0 comments
Open

Missing resource release of function SSL_CTX_new() #81

lc3412 opened this issue Jul 16, 2020 · 0 comments

Comments

@lc3412
Copy link

lc3412 commented Jul 16, 2020

Hi,

I find that several error handling sites forget to free the resource, which is allocated by function SSL_CTX_new(). See the following code, at line 128, function SSL_CTX_new() allocates the resource. However, several followed up error handling sites forget to free the resource that allocated by SSL_CTX_new(), including the handling actions of function SSL_new() (line 170 - line 172), SSL_set_fd() (line 181 - line 183), SSL_connect() (line 189 - line 191), SSL_get_peer_certificate(line 197 - line 199). For example, function SSL_new() does the handling actions: print the log message, then propogate the error code, therefore, miss the resource release action related to SSL_CTX_new(). This causes a missing resource release bug about function SSL_CTX_new().

function SSL_CTX_new() call site:

dma/crypto.c

Line 128 in 14ea7d7

ctx = SSL_CTX_new(meth);

followed up handling actions:

dma/crypto.c

Lines 168 to 173 in 14ea7d7

config.ssl = SSL_new(ctx);
if (config.ssl == NULL) {
syslog(LOG_NOTICE, "remote delivery deferred: SSL struct creation failed: %s",
ssl_errstr());
return (1);
}

dma/crypto.c

Lines 179 to 184 in 14ea7d7

error = SSL_set_fd(config.ssl, fd);
if (error == 0) {
syslog(LOG_NOTICE, "remote delivery deferred: SSL set fd failed: %s",
ssl_errstr());
return (1);
}

dma/crypto.c

Lines 187 to 192 in 14ea7d7

error = SSL_connect(config.ssl);
if (error != 1) {
syslog(LOG_ERR, "remote delivery deferred: SSL handshake failed fatally: %s",
ssl_errstr());
return (1);
}

dma/crypto.c

Lines 195 to 200 in 14ea7d7

cert = SSL_get_peer_certificate(config.ssl);
if (cert == NULL) {
syslog(LOG_WARNING, "remote delivery deferred: Peer did not provide certificate: %s",
ssl_errstr());
return (1);
}

======================================================================

Furthermore, I check the usages of SSL_CTX_new() from other projects, for instance, in the OpenSSL project at apps/ciphers.c. See the following code, in the end, the resource allocated by SSL_CTX_new() is freed by the action SSL_CTX_free(ctx) (line 280) :

line 195:    ctx = SSL_CTX_new(meth);
...
line 223:    ssl = SSL_new(ctx);
line 224:    if (ssl == NULL)
line 225:        goto err;
...
line 275: err:
line 276:    ERR_print_errors(bio_err);
line 277: end:
line 278:    if (use_supported)
line 279:        sk_SSL_CIPHER_free(sk);
line 280:    SSL_CTX_free(ctx);
line 281:    SSL_free(ssl);
line 282:    return ret;

Ref: https://github.com/openssl/openssl/blob/master/apps/ciphers.c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lc3412