Opened 12 years ago

Last modified 7 years ago

#589 closed defect (Fixed)

memory leak in tor_tls_handshake

Reported by: arma Owned by:
Priority: Low Milestone:
Component: Core Tor/Tor Version:
Severity: Keywords:
Cc: arma, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Running r13176, first as a client, then (when Vidalia connects and
setconfs it) as a server.

Looks like it's happening inside openssl. Is this openssl's fault, or
our fault for messing with openssl wrong?

==12945== 15,648 (644 direct, 15,004 indirect) bytes in 7 blocks are definitely
lost in loss record 14 of 18
==12945== at 0x401D38B: malloc (vg_replace_malloc.c:149)
==12945== by 0x40CC56D: (within /usr/lib/i686/cmov/
==12945== by 0x40CCBD8: CRYPTO_malloc (in /usr/lib/i686/cmov/
==12945== by 0x4154E25: (within /usr/lib/i686/cmov/
==12945== by 0x41579EA: ASN1_item_ex_d2i (in /usr/lib/i686/cmov/
==12945== by 0x41580F1: ASN1_item_d2i (in /usr/lib/i686/cmov/
==12945== by 0x414EC94: d2i_X509 (in /usr/lib/i686/cmov/
==12945== by 0x406CF7A: ssl3_get_server_certificate (in /usr/lib/i686/cmov/
==12945== by 0x406E420: ssl3_connect (in /usr/lib/i686/cmov/
==12945== by 0x407F3A9: SSL_connect (in /usr/lib/i686/cmov/
==12945== by 0x4074B73: ssl23_connect (in /usr/lib/i686/cmov/
==12945== by 0x407F3A9: SSL_connect (in /usr/lib/i686/cmov/
==12945== by 0x80F1951: tor_tls_handshake (tortls.c:859)
==12945== by 0x807AF49: connection_tls_continue_handshake (connection_or.c:616)
==12945== by 0x8071879: connection_handle_read (connection.c:1904)
==12945== by 0x80A70B7: conn_read_callback (main.c:456)
==12945== by 0x4050C78: (within /usr/lib/
==12945== by 0x4050F64: event_base_loop (in /usr/lib/
==12945== by 0x4050DCA: event_loop (in /usr/lib/
==12945== by 0x80A6C0E: do_main_loop (main.c:1424)

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (5)

comment:1 Changed 12 years ago by nickm

"d2i_X509" is the "parse an X509 certificate" function; it looks like something inside one of the certificates
isn't freed. Perhaps this is some shared refcounted thing; perhaps it's an actual leak.

comment:2 Changed 12 years ago by arma

I just ran valgrind on moria2 for 20 minutes:

==17744== 1,396,349 (77,440 direct, 1,318,909 indirect) bytes in 484 blocks are definitely lost in loss record 17 of 19
==17744== at 0x4A1B858: malloc (vg_replace_malloc.c:149)
==17744== by 0x4EE5331: CRYPTO_malloc (in /usr/lib/
==17744== by 0x4F58BD4: (within /usr/lib/
==17744== by 0x4F5B650: ASN1_item_ex_d2i (in /usr/lib/
==17744== by 0x4F5BCE3: ASN1_item_d2i (in /usr/lib/
==17744== by 0x4D5A2FF: ssl3_get_server_certificate (in /usr/lib/
==17744== by 0x4D5B60F: ssl3_connect (in /usr/lib/
==17744== by 0x4D61396: ssl23_connect (in /usr/lib/
==17744== by 0x4983D8: tor_tls_handshake (tortls.c:859)
==17744== by 0x42EDB2: connection_tls_continue_handshake (connection_or.c:616)
==17744== by 0x426A9F: connection_handle_read (connection.c:1904)
==17744== by 0x4562BF: conn_read_callback (main.c:456)

So this looks serious, whatever it is.

comment:3 Changed 12 years ago by arma

Fixed in r13218.

comment:4 Changed 12 years ago by arma

flyspray2trac: bug closed.

comment:5 Changed 7 years ago by nickm

Component: Tor RelayTor
Note: See TracTickets for help on using tickets.