Bug 399300 - PKIX error results not freed after use.
Status: RESOLVED FIXED
Keywords: mlk
Product: NSS
Classification: Components
Component: Libraries
Version: trunk
Platform: x86 Linux
Importance: -- normal
Target Milestone: 3.12
Assigned To: Alexei Volkov
Blocks: 397832
Reported: 2007-10-10 04:17 PDT by Slavomir Katuscak
Modified: 2007-11-30 13:36 PST


Attachments
Ignored file cleanup (15.75 KB, patch)
2007-11-29 14:58 PST, Alexei Volkov
nelson: review+

Description Slavomir Katuscak 2007-10-10 04:17:07 PDT
In PKIX_Error_Create() function there is some memory allocated for pkixErrorResult. This memory is not freed after use. 

==27249== 1,188 bytes in 27 blocks are indirectly lost in loss record 61 of 64
==27249==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==27249==    by 0x433F6EE: PR_Malloc (prmem.c:467)
==27249==    by 0x426EF70: PKIX_PL_Malloc (pkix_pl_mem.c:72)
==27249==    by 0x4272BEB: PKIX_PL_Object_Alloc (pkix_pl_object.c:532)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x42207E8: PKIX_PL_Cert_VerifySignature (pkix_pl_cert.c:2953)
==27249==    by 0x41A964F: pkix_Build_VerifyCertificate (pkix_build.c:1212)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

==27249== 2,376 bytes in 27 blocks are indirectly lost in loss record 62 of 64
==27249==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==27249==    by 0x433F74C: PR_Calloc (prmem.c:474)
==27249==    by 0x43507BE: PR_NewLock (ptsynch.c:174)
==27249==    by 0x4272DB8: PKIX_PL_Object_Alloc (pkix_pl_object.c:555)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x41AA0F0: pkix_Build_VerifyCertificate (pkix_build.c:1292)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

==27249== 2,376 bytes in 27 blocks are indirectly lost in loss record 63 of 64
==27249==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==27249==    by 0x433F74C: PR_Calloc (prmem.c:474)
==27249==    by 0x43507BE: PR_NewLock (ptsynch.c:174)
==27249==    by 0x4272DB8: PKIX_PL_Object_Alloc (pkix_pl_object.c:555)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x42207E8: PKIX_PL_Cert_VerifySignature (pkix_pl_cert.c:2953)
==27249==    by 0x41A964F: pkix_Build_VerifyCertificate (pkix_build.c:1212)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

==27249== 7,128 (1,188 direct, 5,940 indirect) bytes in 27 blocks are definitely lost in loss record 64 of 64
==27249==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==27249==    by 0x433F6EE: PR_Malloc (prmem.c:467)
==27249==    by 0x426EF70: PKIX_PL_Malloc (pkix_pl_mem.c:72)
==27249==    by 0x4272BEB: PKIX_PL_Object_Alloc (pkix_pl_object.c:532)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x41AA0F0: pkix_Build_VerifyCertificate (pkix_build.c:1292)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

Found on Linux in strsclnt (strsclnt vs. selfserv tests), strsclnt was in FIPS mode (not found in non-FIPS mode tests).
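
The four loss records above can be reconciled mechanically. The following Python sketch is an added example, not part of the bug report or of NSS: it runs on an abridged copy of the records (most frames omitted), and the names `parse` and `triage` are illustrative.

```python
import re

# Abridged from the four loss records in the report above (most frames omitted).
SAMPLE = """\
==27249== 1,188 bytes in 27 blocks are indirectly lost in loss record 61 of 64
==27249==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249== 2,376 bytes in 27 blocks are indirectly lost in loss record 62 of 64
==27249==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==27249==    by 0x43507BE: PR_NewLock (ptsynch.c:174)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249== 2,376 bytes in 27 blocks are indirectly lost in loss record 63 of 64
==27249==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==27249==    by 0x43507BE: PR_NewLock (ptsynch.c:174)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249== 7,128 (1,188 direct, 5,940 indirect) bytes in 27 blocks are definitely lost in loss record 64 of 64
==27249==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
"""

HEADER = re.compile(
    r"==\d+== ([\d,]+) (?:\([\d,]+ direct, ([\d,]+) indirect\) )?bytes in "
    r"([\d,]+) blocks are (\w+) lost in loss record (\d+) of \d+")
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(")

def num(s):
    return int(s.replace(",", "")) if s else 0

def parse(text):
    """Return one dict per loss record; frames are listed innermost first."""
    records = []
    for line in text.splitlines():
        h, f = HEADER.match(line), FRAME.match(line)
        if h:
            records.append({"id": int(h[5]), "kind": h[4], "bytes": num(h[1]),
                            "indirect": num(h[2]), "blocks": num(h[3]), "frames": []})
        elif f and records:
            records[-1]["frames"].append(f[1])
    return records

def triage(records):
    """Reconcile indirect bytes with the root record and find shared frames."""
    roots = [r for r in records if r["kind"] == "definitely"]
    children = sum(r["bytes"] for r in records if r["kind"] == "indirectly")
    shared = set.intersection(*(set(r["frames"]) for r in records))
    return {"roots": [r["id"] for r in roots], "shared": sorted(shared),
            "reconciled": children == sum(r["indirect"] for r in roots)}
```

Records 61 to 63 add up to exactly the 5,940 indirect bytes of record 64, so the report describes one leaked allocation pattern (27 instances) rooted at `PKIX_Error_Create`, not four independent leaks.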

Comment 1 Alexei Volkov 2007-11-29 14:58:34 PST
Created attachment 290763
Ignored file cleanup

Remove stacks associated with PKIX_Error object leaks (fixed by attachment 288930 bug 397832)

Comment 2 Nelson Bolyard (seldom reads bugmail) 2007-11-29 23:48:11 PST
Comment on attachment 290763
Ignored file cleanup

happy happy joy joy...

Comment 3 Alexei Volkov 2007-11-30 13:36:35 PST
attachment 290763 has been committed.