SSL_CanBypass leaks memory

RESOLVED FIXED in 3.11.8

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: glen beasley, Assigned: glen beasley)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

541 bytes, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Julien Pierre
: superreview+
Details | Diff | Splinter Review
(Assignee)

Description

10 years ago
reported by Sun engineer Meena Vyas

libumem shows this :
umem_alloc_160 leak: 2 buffers, 160 bytes each, 320 bytes total
ADDR          BUFADDR        TIMESTAMP   THREAD  CACHE
9bbc98         9b9628   1f9d80d3d4b6f0        1  2f008    
libumem.so.1`umem_cache_alloc+0x210
libumem.so.1`umem_alloc+0x60
libumem.so.1`malloc+0x28
libnspr4.so`PR_Malloc+0x78
libnss3.so`PORT_Alloc+0x48
libssl3.so`SSL_CanBypass+0x4d0
libns-httpd40.so`int SSLSocketConfiguration::check_bypassconst+0x140
libns-httpd40.so`void SSLSocketConfiguration::enableSSLconst+0x35c


http://mxr.mozilla.org/security/source/security/nss/lib/ssl/derive.c#683
683             enc_pms.data = (unsigned char*)PORT_Alloc(enc_pms.len)

the allocation is never freed.
(Assignee)

Updated

10 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

10 years ago
Assignee: nobody → glen.beasley
Status: ASSIGNED → NEW
(Assignee)

Comment 1

10 years ago
Created attachment 286578 [details] [diff] [review]
free data  if allocated
Attachment #286578 - Flags: superreview?(nelson)
Attachment #286578 - Flags: review?(julien.pierre.boogz)
Comment on attachment 286578 [details] [diff] [review]
free data  if allocated 

PORT_Free tests its argument, so this additional test is
redundant.  But even better is to call SECITEM_FreeItem.
Please do that.

>+    if (enc_pms.data)
>+       PORT_Free(enc_pms.data);
>+
Attachment #286578 - Flags: superreview?(nelson) → superreview-
(Assignee)

Updated

10 years ago
Attachment #286578 - Flags: review?(julien.pierre.boogz)
(Assignee)

Comment 3

10 years ago
Created attachment 286724 [details] [diff] [review]
use SECITEM_FreeItem to free
Attachment #286578 - Attachment is obsolete: true
Attachment #286724 - Flags: superreview?(julien.pierre.boogz)
Attachment #286724 - Flags: review?(nelson)
Comment on attachment 286724 [details] [diff] [review]
use SECITEM_FreeItem to free 

r=nelson
Attachment #286724 - Flags: review?(nelson) → review+

Updated

10 years ago
Attachment #286724 - Flags: superreview?(julien.pierre.boogz) → superreview+
(Assignee)

Comment 5

10 years ago
/cvsroot/mozilla/security/nss/lib/ssl/derive.c,v  <--  derive.c
new revision: 1.8; previous revision: 1.7
done
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Assignee)

Comment 6

10 years ago
3_11_Branch checkin:

/cvsroot/mozilla/security/nss/lib/ssl/derive.c,v  <--  derive.c
new revision: 1.3.2.3; previous revision: 1.3.2.2
done

Updated

10 years ago
Priority: -- → P2
Target Milestone: --- → 3.11.8
You need to log in before you can comment on or make changes to this bug.