Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#4252 closed defect (fixed)

Proposal 176 (?) memory leaks

Reported by: arma Owned by: nickm
Priority: High Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords: tor-relay
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Running git master on moria1 in valgrind, we have:

==29415== 18,880 (352 direct, 18,528 indirect) bytes in 22 blocks are definitely lost in loss record 164 of 206
==29415==    at 0x4C244E8: malloc (vg_replace_malloc.c:236)
==29415==    by 0x4D3A07: _tor_malloc (util.c:144)
==29415==    by 0x4D6496: _crypto_new_pk_env_rsa (crypto.c:330)
==29415==    by 0x4DE8C4: tor_tls_cert_get_key (tortls.c:883)
==29415==    by 0x46EB2B: command_process_authenticate_cell (command.c:1179)
==29415==    by 0x48FE1C: connection_or_process_cells_from_inbuf (connection_or.c:1799)
==29415==    by 0x484328: connection_handle_read (connection.c:2701)
==29415==    by 0x40B8F5: conn_read_callback (main.c:674)
==29415==    by 0x52C9343: event_base_loop (in /usr/lib/libevent-1.4.so.2.1.3)
==29415==    by 0x409990: do_main_loop (main.c:1889)
==29415==    by 0x409CCC: tor_main (main.c:2570)
==29415==    by 0x5F10C4C: (below main) (libc-start.c:228)
==29415== 70,002 (4,160 direct, 65,842 indirect) bytes in 26 blocks are definitely lost in loss record 171 of 206
==29415==    at 0x4C244E8: malloc (vg_replace_malloc.c:236)
==29415==    by 0x57AC9E1: CRYPTO_malloc (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x58280BC: ??? (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x582B038: ASN1_item_ex_d2i (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x582B6D3: ASN1_item_d2i (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x54FE3AB: ssl3_get_server_certificate (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x54FF7A7: ssl3_connect (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x5506112: ssl23_connect (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x4E0F26: tor_tls_handshake (tortls.c:1697)
==29415==    by 0x490D36: connection_tls_continue_handshake (connection_or.c:1171)
==29415==    by 0x484D5A: connection_handle_write (connection.c:3217)
==29415==    by 0x40B765: conn_write_callback (main.c:707)
==29415== 169,601 (10,080 direct, 159,521 indirect) bytes in 63 blocks are definitely lost in loss record 172 of 206
==29415==    at 0x4C244E8: malloc (vg_replace_malloc.c:236)
==29415==    by 0x57AC9E1: CRYPTO_malloc (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x58280BC: ??? (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x582B038: ASN1_item_ex_d2i (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x582B6D3: ASN1_item_d2i (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x54FE3AB: ssl3_get_server_certificate (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x54FF7A7: ssl3_connect (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x5506112: ssl23_connect (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x4E0F26: tor_tls_handshake (tortls.c:1697)
==29415==    by 0x490D36: connection_tls_continue_handshake (connection_or.c:1171)
==29415==    by 0x491107: connection_tls_start_handshake (connection_or.c:1128)
==29415==    by 0x491219: connection_or_finished_connecting (connection_or.c:479
==29415== 265,505,121 (15,748,320 direct, 249,756,801 indirect) bytes in 98,427 blocks are definitely lost in loss record 206 of 206
==29415==    at 0x4C244E8: malloc (vg_replace_malloc.c:236)
==29415==    by 0x57AC9E1: CRYPTO_malloc (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x58280BC: ??? (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x582B038: ASN1_item_ex_d2i (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x582B6D3: ASN1_item_d2i (in /usr/lib/libcrypto.so.0.9.8)
==29415==    by 0x54FE3AB: ssl3_get_server_certificate (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x54FF7A7: ssl3_connect (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x5506112: ssl23_connect (in /usr/lib/libssl.so.0.9.8)
==29415==    by 0x4E0F26: tor_tls_handshake (tortls.c:1697)
==29415==    by 0x490D36: connection_tls_continue_handshake (connection_or.c:1171)
==29415==    by 0x4844B2: connection_handle_read (connection.c:2786)
==29415==    by 0x40B8F5: conn_read_callback (main.c:674)

Child Tickets

Change History (6)

comment:1 Changed 8 years ago by nickm

Owner: set to nickm
Priority: normalmajor
Status: newaccepted

Oy, that's a lot of ram!

The first one looks easy to fix. The last 3 are all allocating X509 certificates from inside ssl3_get_server_certificate; I'm betting that we incref them someplace but don't free them enough. That could be harder to find. I'll poke at those.

comment:2 Changed 8 years ago by nickm

Status: acceptedneeds_review

I think I have tracked down the first one, and at least one thing that would cause the second one. Please have a look at bug4252 in my public repository.

comment:3 Changed 8 years ago by arma

Fixes look plausible.

Somewhere in there we should fix the "cetificate" typo.

comment:4 Changed 8 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Merged, with fix for typo.

comment:5 Changed 7 years ago by nickm

Keywords: tor-relay added

comment:6 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.