PKIX error results not freed after use.

RESOLVED FIXED in 3.12

Status

NSS
Libraries
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: Slavomir Katuscak, Assigned: Alexei Volkov)

Tracking

({mlk})

Attachments

(1 attachment)

15.75 KB, patch
Nelson Bolyard (seldom reads bugmail): review+
(Reporter)

Description

10 years ago
In the PKIX_Error_Create() function there is some memory allocated for pkixErrorResult. This memory is not freed after use.

==27249== 1,188 bytes in 27 blocks are indirectly lost in loss record 61 of 64
==27249==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==27249==    by 0x433F6EE: PR_Malloc (prmem.c:467)
==27249==    by 0x426EF70: PKIX_PL_Malloc (pkix_pl_mem.c:72)
==27249==    by 0x4272BEB: PKIX_PL_Object_Alloc (pkix_pl_object.c:532)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x42207E8: PKIX_PL_Cert_VerifySignature (pkix_pl_cert.c:2953)
==27249==    by 0x41A964F: pkix_Build_VerifyCertificate (pkix_build.c:1212)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

==27249== 2,376 bytes in 27 blocks are indirectly lost in loss record 62 of 64
==27249==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==27249==    by 0x433F74C: PR_Calloc (prmem.c:474)
==27249==    by 0x43507BE: PR_NewLock (ptsynch.c:174)
==27249==    by 0x4272DB8: PKIX_PL_Object_Alloc (pkix_pl_object.c:555)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x41AA0F0: pkix_Build_VerifyCertificate (pkix_build.c:1292)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

==27249== 2,376 bytes in 27 blocks are indirectly lost in loss record 63 of 64
==27249==    at 0x40056BF: calloc (vg_replace_malloc.c:279)
==27249==    by 0x433F74C: PR_Calloc (prmem.c:474)
==27249==    by 0x43507BE: PR_NewLock (ptsynch.c:174)
==27249==    by 0x4272DB8: PKIX_PL_Object_Alloc (pkix_pl_object.c:555)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x42207E8: PKIX_PL_Cert_VerifySignature (pkix_pl_cert.c:2953)
==27249==    by 0x41A964F: pkix_Build_VerifyCertificate (pkix_build.c:1212)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

==27249== 7,128 (1,188 direct, 5,940 indirect) bytes in 27 blocks are definitely lost in loss record 64 of 64
==27249==    at 0x4004405: malloc (vg_replace_malloc.c:149)
==27249==    by 0x433F6EE: PR_Malloc (prmem.c:467)
==27249==    by 0x426EF70: PKIX_PL_Malloc (pkix_pl_mem.c:72)
==27249==    by 0x4272BEB: PKIX_PL_Object_Alloc (pkix_pl_object.c:532)
==27249==    by 0x41D605D: PKIX_Error_Create (pkix_error.c:433)
==27249==    by 0x41CA0DC: pkix_Throw (pkix_tools.c:188)
==27249==    by 0x41AA0F0: pkix_Build_VerifyCertificate (pkix_build.c:1292)
==27249==    by 0x41B7305: pkix_BuildForwardDepthFirstSearch (pkix_build.c:2727)
==27249==    by 0x41C77A2: pkix_Build_InitiateBuildChain (pkix_build.c:4181)
==27249==    by 0x41C8DA0: PKIX_BuildChain (pkix_build.c:4364)
==27249==    by 0x4096CD0: cert_BuildAndValidateChain (certvfypkix.c:755)
==27249==    by 0x4098D4A: cert_VerifyCertChainPkix (certvfypkix.c:1141)
==27249==    by 0x408FA62: cert_VerifyCertChain (certvfy.c:945)
==27249==    by 0x408FAD5: CERT_VerifyCertChain (certvfy.c:957)
==27249==    by 0x4090A91: CERT_VerifyCert (certvfy.c:1555)
==27249==    by 0x4090BB1: CERT_VerifyCertNow (certvfy.c:1606)
==27249==    by 0x40208F1: SSL_AuthCertificate (sslauth.c:254)
==27249==    by 0x804BE7E: mySSLAuthCertificate (strsclnt.c:280)
==27249==    by 0x401CCD2: ssl3_HandleCertificate (ssl3con.c:7119)
==27249==    by 0x401E3FF: ssl3_HandleHandshakeMessage (ssl3con.c:7782)
==27249==    by 0x401E7E8: ssl3_HandleHandshake (ssl3con.c:7898)
==27249==    by 0x401F0BA: ssl3_HandleRecord (ssl3con.c:8161)
==27249==    by 0x402018A: ssl3_GatherCompleteHandshake (ssl3gthr.c:206)
==27249==    by 0x4022B36: ssl_GatherRecord1stHandshake (sslcon.c:1258)
==27249==    by 0x402A3C4: ssl_Do1stHandshake (sslsecur.c:151)
==27249==    by 0x402C572: ssl_SecureSend (sslsecur.c:1152)
==27249==    by 0x40322C0: ssl_Send (sslsock.c:1432)
==27249==    by 0x43356F0: PR_Send (priometh.c:226)
==27249==    by 0x804CB25: handle_connection (strsclnt.c:696)
==27249==    by 0x804D247: do_connects (strsclnt.c:887)
==27249==    by 0x804C3DB: thread_wrapper (strsclnt.c:439)
==27249==    by 0x4358734: _pt_root (ptthread.c:221)
==27249==    by 0x805370: start_thread (in /lib/tls/libpthread-2.3.4.so)
==27249==    by 0x66CFFD: clone (in /lib/tls/libc-2.3.4.so)

Found on Linux in strsclnt (strsclnt vs. selfserv tests); strsclnt was in FIPS mode (not found in non-FIPS mode tests).
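An added example, not part of the report and not NSS code: a small C model of the leak shape in the traces above, where a caller drops the only reference to a wrapped error, so one top-level object is "definitely lost" and the lock and the lower-level error it owns are "indirectly lost". All names (`error_create`, `build_chain_leaky`, and so on) are hypothetical; the four blocks per lost chain match the report's arithmetic (1,188 + 2,376 + 2,376 = 5,940 indirect bytes, 27 blocks per record).

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical model of a refcounted error object; names are illustrative, not NSS code. */
static int live_blocks = 0;                  /* heap blocks allocated and not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_blocks++; return p; }
static void xfree(void *p) { if (p) { live_blocks--; free(p); } }

typedef struct Error {
    int refs;
    void *lock;                              /* stands in for the per-object lock */
    struct Error *cause;                     /* lower-level error being wrapped */
} Error;

static Error *error_create(Error *cause) {   /* takes over the caller's ref to cause */
    Error *e = xalloc(sizeof *e);
    if (e && !(e->lock = xalloc(16))) { xfree(e); e = NULL; }
    if (!e) return cause;                    /* out of memory: pass the cause through */
    e->refs = 1;
    e->cause = cause;
    return e;
}

static void error_decref(Error *e) {
    while (e && --e->refs == 0) {            /* releasing the top error releases its chain */
        Error *cause = e->cause;
        xfree(e->lock); xfree(e);
        e = cause;
    }
}

/* Two failing layers: the upper one wraps the lower one's error. */
static Error *verify_signature(void)   { return error_create(NULL); }
static Error *verify_certificate(void) { return error_create(verify_signature()); }

/* Leaky caller: turns the error into a status code and drops the only reference. */
int build_chain_leaky(void) { return verify_certificate() ? -1 : 0; }
/* Fixed caller: same status, but the error chain is released before returning. */
int build_chain_fixed(void) {
    Error *e = verify_certificate();
    int rv = e ? -1 : 0;
    error_decref(e);
    return rv;
}

/* Returns the number of blocks still live after n calls of fn. */
int run(int n, int (*fn)(void)) { for (live_blocks = 0; n-- > 0; ) fn(); return live_blocks; }
int main(void) {
    printf("leaky: %d live blocks\n", run(27, build_chain_leaky));
    printf("fixed: %d live blocks\n", run(27, build_chain_fixed));
    return 0;
}
```

Run under Valgrind with `--leak-check=full`, the leaky path yields one "definitely lost" record for the top-level error and "indirectly lost" records for everything reachable only through it.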
(Reporter)

Updated

10 years ago
Assignee: nobody → alexei.volkov.bugs
(Assignee)

Updated

10 years ago
Blocks: 397832
Target Milestone: --- → 3.12
Version: 3.12 → trunk
(Assignee)

Comment 1

10 years ago
Created attachment 290763
Ignored file cleanup

Remove stacks associated with PKIX_Error object leaks (fixed by attachment 288930 bug 397832)
Attachment #290763 - Flags: review?(nelson)
Comment on attachment 290763
Ignored file cleanup

happy happy joy joy...
Attachment #290763 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

10 years ago
attachment 290763 has been committed.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED