Bug #9743

memory leak in openssl ossl_pkey_verify leaks memory

Added by tux (Joel Westerberg) over 6 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Target version: -
[ruby-core:62038]

Description

Repeated calls to pub_key.verify(digest, signature, data) leak memory.

From what I can gather from the OpenSSL documentation, there seems to be a missing call to EVP_MD_CTX_cleanup().

FILE: ossl_pkey.c

    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
    case 0:

From the OpenSSL docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.
Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.
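
A way to check a given Ruby build for the per-call leak described above, as an added example that is not part of the original report or of Ruby's test suite. The helper names (rss_kib, verify_many, verify_rss_growth_kib) are hypothetical, the key and message are constructed at run time, and reading RSS from /proc/self/status assumes Linux.

```ruby
require "openssl"

# Constructed inputs: a throwaway key and message generated at run time.
# 1024 bits keeps key generation fast; key size is irrelevant to the leak.
KEY = OpenSSL::PKey::RSA.new(1024)
DATA = "Sign me!".freeze
SIGNATURE = KEY.sign(OpenSSL::Digest.new("SHA256"), DATA)

# Resident set size in KiB from /proc (Linux only); nil where unavailable.
def rss_kib
  line = File.foreach("/proc/self/status").find { |l| l.start_with?("VmRSS:") }
  line && line[/\d+/].to_i
rescue SystemCallError
  nil
end

# Exercise the verify path from the report `count` times.
# Returns true only if every call accepted the signature.
def verify_many(count)
  pub = KEY.public_key
  digest = OpenSSL::Digest.new("SHA256")
  count.times.all? { pub.verify(digest, SIGNATURE, DATA) }
end

# Warm up first so allocator and GC start-up growth is not counted, then
# measure RSS growth across `count` further calls. Returns KiB, or nil
# when RSS cannot be read on this platform.
def verify_rss_growth_kib(count, warmup: 2_000)
  verify_many(warmup)
  GC.start
  before = rss_kib
  return nil if before.nil?
  raise "verify unexpectedly failed" unless verify_many(count)
  GC.start
  rss_kib - before
end

if $PROGRAM_NAME == __FILE__
  growth = verify_rss_growth_kib(20_000)
  puts growth ? "RSS growth over 20,000 verifies: #{growth} KiB" : "RSS not readable here"
end
```

Run it with two different counts: growth that scales with the number of calls points to a per-call leak, while growth that stays flat does not.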


Related issues

Related to Backport200 - Backport #9746: backport r45595 (Closed, nagachika (Tomoyuki Chikanaga), 04/16/2014)
Related to Ruby master - Bug #9984: OpenSSL::TestPKeyRSA#test_sign_verify_memory_leak timeouts on ARM (Closed, nagachika (Tomoyuki Chikanaga), 06/27/2014)
