Project

General

Profile

Actions
Copy link

Bug #9743

closed

memory leak in openssl ossl_pkey_verify leaks memory

Added by tux (Joel Westerberg) about 11 years ago. Updated almost 10 years ago.

Status:
Closed
Assignee:
zzak (zzak _)
Target version:
-
ruby -v:
2.2.0
Backport:
1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE
[ruby-core:62038]

Description

repeated calls to pub_key.verify(digest, signature, data) leaks memory.

from what I can gather from the openssl documentation, there seems to be a missing call to EVP_MD_CTX_cleanup()

FILE: ossl_pkey.c

326    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
327    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
328    case 0:

from the openssl docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.
Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.

Related issues 1 (0 open1 closed)

Related to Ruby - Bug #9984: OpenSSL::TestPKeyRSA#test_sign_verify_memory_leak timeouts on ARMClosednagachika (Tomoyuki Chikanaga)06/27/2014Actions
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0