[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificates and memory use



On Thu, 4 Dec 2008, David Hawes wrote:
...
> Here is an excerpt of the valgrind output when using client certificates:
> 
> ==13311== 4,906 (92 direct, 4,814 indirect) bytes in 1 blocks are
> definitely lost in loss record 19 of 23
...
> ==13311==    by 0x4286A57: d2i_X509 (x_x509.c:136)
> ==13311==    by 0x4194F26: ssl3_get_client_certificate (s3_srvr.c:2521)
...
> It seems like something doesn't get freed properly when client
> certificates are used, but I have been unable to track it down so far.

In 2.4.x, tls_get_cert_dn() leaks a reference to the client's X509 cert: 
the call to SSL_get_peer_certificate() in tls_get_cert() increments the 
reference count on the cert and it never gets decremented by a call to 
X509_free().  Simply adding the call there might not be safe, depending on 
whether the berval that tls_get_cert_dn() sets up relies on the underlying 
X509 to stay valid for longer than this chain of calls, as the X509 may be 
invalidated by a rehandshake.


Philip Guenther