Ubuntu
openssl package

Memory leak in libcrypto.so\libssl.so

Bug #1260230 reported by Alexander
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

I've found a bug in openssl 1.0.1-4ubuntu5.10. Was trying to use libpq\libmysql.so to connect to database and did not specify sslmode so it used ssl to connect to database, when i've checked with valgrind i've detected some memory leak:

==25346== Memcheck, a memory error detector
==25346== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==25346== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==25346== Command: ./test
==25346==
==25346==
==25346== HEAP SUMMARY:
==25346== in use at exit: 81,152 bytes in 2,769 blocks
==25346== total heap usage: 4,388 allocs, 1,619 frees, 281,833 bytes allocated
==25346==
==25346== 160 (40 direct, 120 indirect) bytes in 1 blocks are definitely lost in loss record 229 of 279
==25346== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==25346== by 0x416E84E: nss_parse_service_list (nsswitch.c:678)
==25346== by 0x416EFC9: __nss_database_lookup (nsswitch.c:175)
==25346== by 0x4EB6168: ???
==25346== by 0x4EB7B5C: ???
==25346== by 0x4125FA6: getpwuid_r@@GLIBC_2.1.2 (getXXbyYY_r.c:256)
==25346== by 0x405F691: ??? (in /usr/lib/libpq.so.5.4)
==25346== by 0x404C6BD: ??? (in /usr/lib/libpq.so.5.4)
==25346== by 0x404D06A: ??? (in /usr/lib/libpq.so.5.4)
==25346== by 0x404EC4A: ??? (in /usr/lib/libpq.so.5.4)
==25346== by 0x404EF2F: ??? (in /usr/lib/libpq.so.5.4)
==25346== by 0x404F31E: PQconnectStart (in /usr/lib/libpq.so.5.4)
==25346==
==25346== LEAK SUMMARY:
==25346== definitely lost: 40 bytes in 1 blocks
==25346== indirectly lost: 120 bytes in 10 blocks
==25346== possibly lost: 0 bytes in 0 blocks
==25346== still reachable: 80,992 bytes in 2,758 blocks
==25346== suppressed: 0 bytes in 0 blocks
==25346== Reachable blocks (those to which a pointer was found) are not shown.
==25346== To see them, rerun with: --leak-check=full --show-reachable=yes
==25346==
==25346== For counts of detected and suppressed errors, rerun with: -v
==25346== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

with sslmode=disable i see this:
==28708== Memcheck, a memory error detector
==28708== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==28708== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==28708== Command: ./test
==28708==
==28708==
==28708== HEAP SUMMARY:
==28708== in use at exit: 160 bytes in 11 blocks
==28708== total heap usage: 138 allocs, 127 frees, 46,314 bytes allocated
==28708==
==28708== 160 (40 direct, 120 indirect) bytes in 1 blocks are definitely lost in loss record 11 of 11
==28708== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==28708== by 0x416E84E: nss_parse_service_list (nsswitch.c:678)
==28708== by 0x416EFC9: __nss_database_lookup (nsswitch.c:175)
==28708== by 0x4EB6168: ???
==28708== by 0x4EB7B5C: ???
==28708== by 0x4125FA6: getpwuid_r@@GLIBC_2.1.2 (getXXbyYY_r.c:256)
==28708== by 0x405F691: ??? (in /usr/lib/libpq.so.5.4)
==28708== by 0x404C6BD: ??? (in /usr/lib/libpq.so.5.4)
==28708== by 0x404D06A: ??? (in /usr/lib/libpq.so.5.4)
==28708== by 0x404EC4A: ??? (in /usr/lib/libpq.so.5.4)
==28708== by 0x404EF2F: ??? (in /usr/lib/libpq.so.5.4)
==28708== by 0x404F31E: PQconnectStart (in /usr/lib/libpq.so.5.4)
==28708==
==28708== LEAK SUMMARY:
==28708== definitely lost: 40 bytes in 1 blocks
==28708== indirectly lost: 120 bytes in 10 blocks
==28708== possibly lost: 0 bytes in 0 blocks
==28708== still reachable: 0 bytes in 0 blocks
==28708== suppressed: 0 bytes in 0 blocks
==28708==
==28708== For counts of detected and suppressed errors, rerun with: -v
==28708== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

also test openssl program(attached) have a leak 47700 bytes

Revision history for this message
Alexander (morfin60) wrote :
Changed in linux (Ubuntu):
assignee: nobody → Alexander (morfin60)
assignee: Alexander (morfin60) → nobody
Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1260230

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Alexander (morfin60) wrote :

I can't run apport-collect from cli

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
importance: Undecided → Medium
importance: Medium → Undecided
affects: linux (Ubuntu) → openssl (Ubuntu)
Changed in openssl (Ubuntu):
status: Confirmed → New
Revision history for this message
Adrien Nader (adrien) wrote :

I wasn't able to reproduce the issue. I've tried the attached reproducer but:
- I don't have a file "TrustStore.pem",
- if I comment out the block of code that tries to load this file, I get "Certificate verification error: 20",
- in both cases, valgrind reports no memory lost or still reachable.

I'll mark this bug as Incomplete.

Changed in openssl (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for openssl (Ubuntu) because there has been no activity for 60 days.]

Changed in openssl (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.