[tor-bugs] #20553 [Core Tor/Tor]: Memory leak in crypto_write_public_key_to_string() with OpenSSL master

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 3 14:46:15 UTC 2016


#20553: Memory leak in crypto_write_public_key_to_string() with OpenSSL master
---------------------------------------+-----------------------------------
 Reporter:  nickm                      |          Owner:
     Type:  defect                     |         Status:  new
 Priority:  Medium                     |      Milestone:  Tor:
                                       |  0.3.0.x-final
Component:  Core Tor/Tor               |        Version:
 Severity:  Normal                     |     Resolution:
 Keywords:  029-backport 028-backport  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+-----------------------------------

Comment (by nickm):

 To reproduce, build with --enable-expensive-hardening and an appropriate
 version of OpenSSL.  Then run ./src/test/test crypto/pk .  You'll see:
 {{{
 =================================================================
 ==29032==ERROR: LeakSanitizer: detected memory leaks

 Direct leak of 16 byte(s) in 1 object(s) allocated from:
     #0 0x7f2f849e1e60 in malloc (/lib64/libasan.so.3+0xc6e60)
     #1 0x7f2f83c197ed in CRYPTO_zalloc (/home/nickm/opt/openssl//lib/libcrypto.so.1.1+0x15f7ed)

 Indirect leak of 32 byte(s) in 1 object(s) allocated from:
     #0 0x7f2f849e1e60 in malloc (/lib64/libasan.so.3+0xc6e60)
     #1 0x7f2f83c197ed in CRYPTO_zalloc (/home/nickm/opt/openssl//lib/libcrypto.so.1.1+0x15f7ed)

 SUMMARY: AddressSanitizer: 48 byte(s) leaked in 2 allocation(s).
 OK
 }}}

 Looking at the OpenSSL source in bss_mem.c, this appears to have been
 introduced in their 9fe9d0461ea4bcc, which is in 1.1.

 I'd call this an openssl bug, except our code here is just plain bizarre.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20553#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

