Skip Menu |

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 120125
Status: resolved
Priority: 0/
Queue: Net-SSLeay
People
Owner: MIKEM [...] cpan.org
Requestors: jwestfall [...] surrealistic.net
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.81

History Show all quoted text
  Mon Feb 06 16:23:46 2017 jwestfall [...] surrealistic.net - Ticket created
Subject: calling X509_get_subject_name() from a verify callback function causes a memory leak
Date: Mon, 6 Feb 2017 13:16:53 -0800
To: bug-Net-SSLeay [...] rt.cpan.org
From: Jim Westfall <jwestfall [...] surrealistic.net>
Hi If you use Net::SSLeay::X509_get_subject_name($cert) from within a Net::SSLeay::CTX_set_verify() callback function its leaking memory. Attached is a sample script showing the issue. If you comment out the call to X509_get_subject_name() the leak magically stops. If you dont use a callback, say just use get_https3() then doing a X509_get_subject_name() on that cert the leak doesnt happen. The only way I've gotten the callback leak to stop is with the following patch --- Net-SSLeay-1.80/SSLeay.xs 2017-01-04 13:39:08.000000000 -0800 +++ Net-SSLeay-1.80-altnames/SSLeay.xs 2017-02-06 09:21:55.000000000 -0800 @@ -3120,6 +3120,7 @@ X509_get_subjectAltNames(cert) } } + sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free); } XSRETURN(count * 2); thanks jim

Message body is not shown because sender requested not to inline it.

  Mon Feb 06 16:32:49 2017 jwestfall [...] surrealistic.net - Correspondence added
Subject: Re: [rt.cpan.org #120125] calling X509_get_subjectAltNames() from a verify callback function causes a memory leak
Date: Mon, 6 Feb 2017 13:32:20 -0800
To: Bugs in Net-SSLeay via RT <bug-Net-SSLeay [...] rt.cpan.org>
From: Jim Westfall <jwestfall [...] surrealistic.net>
err I cut/paste the wrong function name into the email. The leak is with X509_get_subjectAltNames() and not X509_get_subject_name(). thanks jim Bugs in Net-SSLeay via RT <bug-Net-SSLeay@rt.cpan.org> wrote [02.06.17]: Show quoted text
> Hi > > If you use Net::SSLeay::X509_get_subject_name($cert) from within a > Net::SSLeay::CTX_set_verify() callback function its leaking memory. > Attached is a sample script showing the issue. If you comment out the > call to X509_get_subject_name() the leak magically stops. > > If you dont use a callback, say just use get_https3() then doing a > X509_get_subject_name() on that cert the leak doesnt happen. > > The only way I've gotten the callback leak to stop is with the following > patch > > --- Net-SSLeay-1.80/SSLeay.xs 2017-01-04 13:39:08.000000000 -0800 > +++ Net-SSLeay-1.80-altnames/SSLeay.xs 2017-02-06 09:21:55.000000000 -0800 > @@ -3120,6 +3120,7 @@ X509_get_subjectAltNames(cert) > > } > } > + sk_GENERAL_NAME_pop_free(subjAltNameDNs, GENERAL_NAME_free); > } > XSRETURN(count * 2); > > thanks > jim
  Mon Feb 06 22:27:10 2017 mikem [...] airspayce.com - Correspondence added
Subject: Re: [rt.cpan.org #120125] calling X509_get_subjectAltNames() from a verify callback function causes a memory leak
Date: Tue, 07 Feb 2017 13:03:50 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Thansk Jim, your patch is now in SVN 488 and will appear in the next release. Cheers. On Monday, 6 February 2017 4:32:50 PM AEST Jim Westfall via RT wrote: Show quoted text
> Queue: Net-SSLeay > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=120125 > > > err I cut/paste the wrong function name into the email. The leak is with > X509_get_subjectAltNames() and not X509_get_subject_name(). > > thanks > jim > > Bugs in Net-SSLeay via RT <bug-Net-SSLeay@rt.cpan.org> wrote [02.06.17]:
> > Hi > > > > If you use Net::SSLeay::X509_get_subject_name($cert) from within a > > Net::SSLeay::CTX_set_verify() callback function its leaking memory. > > Attached is a sample script showing the issue. If you comment out the > > call to X509_get_subject_name() the leak magically stops. > > > > If you dont use a callback, say just use get_https3() then doing a > > X509_get_subject_name() on that cert the leak doesnt happen. > > > > The only way I've gotten the callback leak to stop is with the following > > patch > > > > --- Net-SSLeay-1.80/SSLeay.xs 2017-01-04 13:39:08.000000000 -0800 > > +++ Net-SSLeay-1.80-altnames/SSLeay.xs 2017-02-06 09:21:55.000000000 > > -0800 > > @@ -3120,6 +3120,7 @@ X509_get_subjectAltNames(cert) > > > > } > > > > } > > > > + sk_GENERAL_NAME_pop_free(subjAltNameDNs, > > GENERAL_NAME_free);> > > } > > XSRETURN(count * 2); > > > > thanks > > jim
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474
  Mon Feb 06 22:27:12 2017 The RT System itself - Status changed from 'new' to 'open'
  Mon Feb 06 23:19:49 2017 jwestfall [...] surrealistic.net - Correspondence added
Subject: Re: [rt.cpan.org #120125] calling X509_get_subjectAltNames() from a verify callback function causes a memory leak
Date: Mon, 6 Feb 2017 20:19:32 -0800
To: Mike McCauley via RT <bug-Net-SSLeay [...] rt.cpan.org>
From: Jim Westfall <jwestfall [...] surrealistic.net>
Sound good. thanks! jim Mike McCauley via RT <bug-Net-SSLeay@rt.cpan.org> wrote [02.06.17]: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=120125 > > > Thansk Jim, > > your patch is now in SVN 488 and will appear in the next release. > > Cheers. > > On Monday, 6 February 2017 4:32:50 PM AEST Jim Westfall via RT wrote:
> > Queue: Net-SSLeay > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=120125 > > > > > err I cut/paste the wrong function name into the email. The leak is with > > X509_get_subjectAltNames() and not X509_get_subject_name(). > > > > thanks > > jim > > > > Bugs in Net-SSLeay via RT <bug-Net-SSLeay@rt.cpan.org> wrote [02.06.17]:
> > > Hi > > > > > > If you use Net::SSLeay::X509_get_subject_name($cert) from within a > > > Net::SSLeay::CTX_set_verify() callback function its leaking memory. > > > Attached is a sample script showing the issue. If you comment out the > > > call to X509_get_subject_name() the leak magically stops. > > > > > > If you dont use a callback, say just use get_https3() then doing a > > > X509_get_subject_name() on that cert the leak doesnt happen. > > > > > > The only way I've gotten the callback leak to stop is with the following > > > patch > > > > > > --- Net-SSLeay-1.80/SSLeay.xs 2017-01-04 13:39:08.000000000 -0800 > > > +++ Net-SSLeay-1.80-altnames/SSLeay.xs 2017-02-06 09:21:55.000000000 > > > -0800 > > > @@ -3120,6 +3120,7 @@ X509_get_subjectAltNames(cert) > > > > > > } > > > > > > } > > > > > > + sk_GENERAL_NAME_pop_free(subjAltNameDNs, > > > GENERAL_NAME_free);> > > > } > > > XSRETURN(count * 2); > > > > > > thanks > > > jim
> > > -- > Mike McCauley VK4AMM mikem@airspayce.com > Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia > http://www.airspayce.com > Phone +61 7 5598-7474
  Sun Jul 08 12:18:52 2018 chrisn [...] cpan.org - Status changed from 'open' to 'resolved'
  Sun Jul 08 12:18:52 2018 chrisn [...] cpan.org - Given to MIKEM
  Sun Jul 08 12:18:53 2018 chrisn [...] cpan.org - Fixed in 1.81 added