[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Possible memory leaks (pki_crypto.c)


 

Hi folks, 

I was experimenting libssh and I faced an issue when implementing a
client application using 0.6.3 and Openssl. 

Meanwhile the server (I had also implemented) worked fine, my client was
not releasing chunks of memory. 

After some days of painstakingly debugging, I realized that
pki_signature_from_blob (reached only by the client-side) was not
releasing memory correctly. 

After analizing the function, I found that DSA_SIG_new() and
ECDSA_SIG_new() alloc the bignumbers used to represent the corresponding
signatures. 

However, when using Openssl, the function make_string_bn() allocs
bignumbers and overwrites the ones previously allocated by the
*_SIG_new() functions. 

As a workaround, I just "ugly" patched my code to copy bignumbers
content (and not overwrite the pointers already allocated). 

I recommend our crypto experts collaborators to check this issue. 

And thank you for the excellent work! 

Tiago Alves 

painstakingly debugging 

 

Follow-Ups:
Re: Possible memory leaks (pki_crypto.c)Jon Simons <jon@xxxxxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org