[PATCH ustream-ssl 05/12] ustream-openssl: fix BIO_method memory leak

Petr Štetiar ynezz at true.cz
Thu Dec 10 10:41:27 EST 2020


Fixes following issues as reported by clang-12 LeakSanitizer:

 $ uclient-fetch-san -q -O /dev/null 'https://expired.badssl.com/'
  Direct leak of 96 byte(s) in 1 object(s) allocated from:
      #0 0x49716d in malloc (uclient-fetch-san+0x49716d)
      #1 0x7f551cbabe58 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x17ae58)

  Indirect leak of 8 byte(s) in 1 object(s) allocated from:
      #0 0x49716d in malloc (uclient-fetch-san+0x49716d)
      #1 0x7f551cbb51c5 in CRYPTO_strdup (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x1841c5)

  SUMMARY: AddressSanitizer: 104 byte(s) leaked in 2 allocation(s).

and Valgrind:

  $ valgrind --quiet --leak-check=full uclient-fetch -q -O /dev/null 'https://expired.badssl.com/'
  ==1966== 104 (96 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9
  ==1966==    at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==1966==    by 0x5FC4E58: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
  ==1966==    by 0x5EF712F: BIO_meth_new (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
  ==1966==    by 0x5C48039: ustream_bio_new (ustream-io-openssl.c:125)
  ==1966==    by 0x5C48039: ustream_set_io (ustream-io-openssl.c:141)
  ==1966==    by 0x5C47CB0: _ustream_ssl_init (ustream-ssl.c:210)
  ==1966==    by 0x4E4117A: uclient_setup_https (uclient-http.c:914)
  ==1966==    by 0x4E4117A: uclient_http_connect (uclient-http.c:936)
  ==1966==    by 0x401FD9: init_request (uclient-fetch.c:333)
  ==1966==    by 0x401E08: main (uclient-fetch.c:745)

Suggested-by: Pan Chen <serial115200 at outlook.com>
Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 ustream-io-openssl.c | 47 ++++++++++++++++++++++----------------------
 ustream-openssl.c    |  7 +++++++
 ustream-openssl.h    |  5 +++++
 3 files changed, 36 insertions(+), 23 deletions(-)

diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 606ed4a36f40..7045bb660a36 100644
--- a/ustream-io-openssl.c
+++ b/ustream-io-openssl.c
@@ -48,18 +48,18 @@ s_ustream_free(BIO *b)
 static int
 s_ustream_read(BIO *b, char *buf, int len)
 {
-	struct ustream *s;
+	struct bio_ctx *ctx;
 	char *sbuf;
 	int slen;
 
 	if (!buf || len <= 0)
 		return 0;
 
-	s = (struct ustream *)BIO_get_data(b);
-	if (!s)
+	ctx = (struct bio_ctx *)BIO_get_data(b);
+	if (!ctx || !ctx->stream)
 		return 0;
 
-	sbuf = ustream_get_read_buf(s, &slen);
+	sbuf = ustream_get_read_buf(ctx->stream, &slen);
 
 	BIO_clear_retry_flags(b);
 	if (!slen) {
@@ -71,7 +71,7 @@ s_ustream_read(BIO *b, char *buf, int len)
 		slen = len;
 
 	memcpy(buf, sbuf, slen);
-	ustream_consume(s, slen);
+	ustream_consume(ctx->stream, slen);
 
 	return slen;
 }
@@ -79,19 +79,19 @@ s_ustream_read(BIO *b, char *buf, int len)
 static int
 s_ustream_write(BIO *b, const char *buf, int len)
 {
-	struct ustream *s;
+	struct bio_ctx *ctx;
 
 	if (!buf || len <= 0)
 		return 0;
 
-	s = (struct ustream *)BIO_get_data(b);
-	if (!s)
+	ctx = (struct bio_ctx *)BIO_get_data(b);
+	if (!ctx || !ctx->stream)
 		return 0;
 
-	if (s->write_error)
+	if (ctx->stream->write_error)
 		return len;
 
-	return ustream_write(s, buf, len, false);
+	return ustream_write(ctx->stream, buf, len, false);
 }
 
 static int
@@ -119,19 +119,20 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr)
 static BIO *ustream_bio_new(struct ustream *s)
 {
 	BIO *bio;
-
-	BIO_METHOD *methods_ustream;
-
-	methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
-	BIO_meth_set_write(methods_ustream, s_ustream_write);
-	BIO_meth_set_read(methods_ustream, s_ustream_read);
-	BIO_meth_set_puts(methods_ustream, s_ustream_puts);
-	BIO_meth_set_gets(methods_ustream, s_ustream_gets);
-	BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl);
-	BIO_meth_set_create(methods_ustream, s_ustream_new);
-	BIO_meth_set_destroy(methods_ustream, s_ustream_free);
-	bio = BIO_new(methods_ustream);
-	BIO_set_data(bio, s);
+	struct bio_ctx *ctx = calloc(1, sizeof(struct bio_ctx));
+
+	ctx->stream = s;
+	ctx->meth = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
+
+	BIO_meth_set_write(ctx->meth, s_ustream_write);
+	BIO_meth_set_read(ctx->meth, s_ustream_read);
+	BIO_meth_set_puts(ctx->meth, s_ustream_puts);
+	BIO_meth_set_gets(ctx->meth, s_ustream_gets);
+	BIO_meth_set_ctrl(ctx->meth, s_ustream_ctrl);
+	BIO_meth_set_create(ctx->meth, s_ustream_new);
+	BIO_meth_set_destroy(ctx->meth, s_ustream_free);
+	bio = BIO_new(ctx->meth);
+	BIO_set_data(bio, ctx);
 
 	return bio;
 }
diff --git a/ustream-openssl.c b/ustream-openssl.c
index dec2b9f7816d..ad77e721534c 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -210,8 +210,15 @@ __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
 
 void __ustream_ssl_session_free(void *ssl)
 {
+	BIO *bio = SSL_get_wbio(ssl);
+	struct bio_ctx *ctx = BIO_get_data(bio);
+
 	SSL_shutdown(ssl);
 	SSL_free(ssl);
+	if (ctx) {
+		BIO_meth_free(ctx->meth);
+		free(ctx);
+	}
 }
 
 static void ustream_ssl_error(struct ustream_ssl *us, int ret)
diff --git a/ustream-openssl.h b/ustream-openssl.h
index 9663d21ffd70..90acc864ddfa 100644
--- a/ustream-openssl.h
+++ b/ustream-openssl.h
@@ -31,6 +31,11 @@
 
 void __ustream_ssl_session_free(void *ssl);
 
+struct bio_ctx {
+	BIO_METHOD *meth;
+	struct ustream *stream;
+};
+
 static inline void *__ustream_ssl_session_new(void *ctx)
 {
 	return SSL_new(ctx);



More information about the openwrt-devel mailing list