Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Memory leak when using schannel ssl_backend #5855

New issue
New issue
Closed
Closed
Memory leak when using schannel ssl_backend#5855
Labels
TLSmemory-leak
@fullincome

Description

@fullincome
fullincome
opened on Aug 25, 2020

I did this

Build curl with schannel interface as ssl_backend interface on linux.
Test it with valgrind and get something like:

{
   <insert_a_suppression_name_here>
   Memcheck:Leak
   match-leak-kinds: definite
   ...
   fun:_tcsdup
   fun:get_cert_location
   fun:schannel_connect_step1
   fun:schannel_connect_common
   fun:Curl_schannel_connect_nonblocking
   fun:Curl_ssl_connect_nonblocking
   fun:https_connecting
   fun:Curl_http_connect
   fun:Curl_protocol_connect
   fun:multi_runsingle
   fun:curl_multi_perform
   fun:easy_transfer
   fun:easy_perform
   fun:curl_easy_perform
   fun:operate_do
   fun:operate
   fun:main
}

I expected the following

No memory leak

curl/libcurl version

master

operating system

uname -a:
Linux test-x64-ub16 4.4.0-97-generic #120-Ubuntu SMP Tue Sep 19 17:28:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

explanation

get_cert_location() can return CURLE_SSL_CERTPROBLEM and allocate memory for store_path. In this case, we lost memory in cert_store_path here:

curl/lib/vtls/schannel.c

Line 618 in 259a815

if(result && !fInCert) {

Perhaps get_cert_location() is slightly incorrect?
Perhaps change the code something like this (or better)?:

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index 1c1432d75..a656c8a55 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -346,6 +346,8 @@ set_ssl_ciphers(SCHANNEL_CRED *schannel_cred, char *ciphers)
 }
 
 #ifdef HAS_CLIENT_CERT_PATH
+
+// Function allocate memory for store_path if CURLE_OK is returned!
 static CURLcode
 get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
                   TCHAR **thumbprint)
@@ -388,16 +390,16 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path,
   if(sep == NULL)
     return CURLE_SSL_CERTPROBLEM;
 
+  *thumbprint = sep + 1;
+  if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN)
+    return CURLE_SSL_CERTPROBLEM;
+
   *sep = TEXT('\0');
   *store_path = _tcsdup(store_path_start);
   *sep = TEXT('\\');
   if(*store_path == NULL)
     return CURLE_OUT_OF_MEMORY;
 
-  *thumbprint = sep + 1;
-  if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN)
-    return CURLE_SSL_CERTPROBLEM;
-
   return CURLE_OK;
 }
 #endif

Metadata

Metadata

Assignees

No one assigned

    Labels

    TLSmemory-leak

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions