Bug #9743

memory leak in openssl ossl_pkey_verify leaks memory

Added by Joel Westerberg about 1 year ago. Updated 3 months ago.

[ruby-core:62038]
Status: Open
Priority: Normal
Assignee: Zachary Scott
ruby -v: 2.2.0
Backport: 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE

Description

Repeated calls to pub_key.verify(digest, signature, data) leak memory.

From what I can gather from the OpenSSL documentation, there seems to be a missing call to EVP_MD_CTX_cleanup().

FILE: ossl_pkey.c (lines 326-328)

    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
    case 0:

From the OpenSSL docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.
Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.
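
A regression probe for the leak described in this ticket, as an added example that is not part of the original report or of Ruby's own test suite: it calls verify in a loop and compares resident memory before and after. The method names, iteration counts and the 16 MiB limit are assumptions chosen for illustration, and RSS is read from /proc, so the measurement is Linux-only.

```ruby
require "openssl"

# Resident set size of this process in KiB, read from /proc (Linux only).
# Returns nil where /proc is unavailable, so callers can skip the check.
def rss_kib
  File.read("/proc/self/status")[/^VmRSS:\s+(\d+)\s+kB/, 1]&.to_i
rescue SystemCallError
  nil
end

# Calls pkey.verify repeatedly and reports how much RSS grew.
# iterations and warmup are illustrative defaults, not values from the ticket.
def verify_leak_probe(pkey, digest_name, signature, data, iterations: 20_000, warmup: 2_000)
  run = lambda do |n|
    ok = true
    n.times { ok &&= pkey.verify(OpenSSL::Digest.new(digest_name), signature, data) }
    ok
  end
  all_ok = run.call(warmup) # let the allocator and GC reach a steady state
  GC.start
  before = rss_kib
  all_ok &&= run.call(iterations)
  GC.start
  after = rss_kib
  growth = before && after ? after - before : nil
  { verified: all_ok, iterations: iterations, growth_kib: growth }
end

# A per-call leak shows up as growth that scales with the iteration count;
# the limit is an assumed threshold, not a measured figure.
def leaking?(result, limit_kib: 16 * 1024)
  !result[:growth_kib].nil? && result[:growth_kib] > limit_kib
end

if $PROGRAM_NAME == __FILE__
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key
  data = "constructed sample message"
  sig = key.sign(OpenSSL::Digest.new("SHA256"), data)
  result = verify_leak_probe(key.public_key, "SHA256", sig, data)
  puts result.inspect
  puts(leaking?(result) ? "RSS grew: possible leak in verify" : "RSS stable")
end
```
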


Related issues

Related to Backport200 - Backport #9746: backport r45595 Closed 04/16/2014
Related to Ruby trunk - Bug #9984: OpenSSL::TestPKeyRSA#test_sign_verify_memory_leak timeouts on ARM Closed 06/27/2014

Associated revisions

Revision 45595
Added by Nobuyoshi Nakada about 1 year ago

ossl_pkey.c: fix memory leak

  • ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal() finalizes only a copy of the digest context, the context must be cleaned up after initialization by EVP_MD_CTX_cleanup() or a memory leak will occur. [Bug #9743]

Revision 45821
Added by Tomoyuki Chikanaga 12 months ago

merge revision(s) r45595: [Backport #9743] [Backport #9745]

* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
  finalizes only a copy of the digest context, the context must be
  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
  memory leak will occur.   [Bug #9743]

Revision 45868
Added by Usaku NAKAMURA 12 months ago

merge revision(s) 45595: [Backport #9743]

* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
  finalizes only a copy of the digest context, the context must be
  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
  memory leak will occur.   [Bug #9743]

History

#1 Updated by Nobuyoshi Nakada about 1 year ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset r45595.


ossl_pkey.c: fix memory leak

  • ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal() finalizes only a copy of the digest context, the context must be cleaned up after initialization by EVP_MD_CTX_cleanup() or a memory leak will occur. [Bug #9743]

#2 Updated by Nobuyoshi Nakada about 1 year ago

  • Description updated (diff)
  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED

#3 Updated by Tomoyuki Chikanaga 12 months ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: REQUIRED to 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: DONE

r45595 was backported into ruby_2_1 at r45821.

#4 Updated by Usaku NAKAMURA 12 months ago

  • Backport changed from 1.9.3: REQUIRED, 2.0.0: REQUIRED, 2.1: DONE to 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE

backported into ruby_2_0_0 at r45868.

#5 Updated by Usaku NAKAMURA 12 months ago

#6 Updated by Vit Ondruch 10 months ago

This is causing test suite timeout on Fedora Rawhide ARM builder :/

https://kojipkgs.fedoraproject.org//work/tasks/4012/7074012/build.log

#7 Updated by Vit Ondruch 10 months ago

  • Related to Bug #9984: OpenSSL::TestPKeyRSA#test_sign_verify_memory_leak timeouts on ARM added

#8 Updated by Zachary Scott 3 months ago

  • Status changed from Closed to Open
  • Assignee set to Zachary Scott
  • ruby -v changed from 2.1.1 to 2.2.0

Seeing this test failure on travis:
https://travis-ci.org/zzak/openssl/jobs/48587976

I think we should re-open this ticket until it's resolved.
