From: tux@...
Date: 2014-04-15T09:57:59+00:00
Subject: [ruby-core:62038] [ruby-trunk - Bug #9743] [Open] memory leak in openssl ossl_pkey_verify leaks memory

Issue #9743 has been reported by Joel Westerberg.

----------------------------------------
Bug #9743: memory leak in openssl ossl_pkey_verify leaks memory
https://bugs.ruby-lang.org/issues/9743

* Author: Joel Westerberg
* Status: Open
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
* ruby -v: 2.1.1
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
repeated calls to pub_key.verify(digest, signature, data) leaks memory. 

from what I can gather from the openssl documentation, there seems to be a missing call to EVP_MD_CTX_cleanup() 

FILE: ossl_pkey.c 

~~~
326    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
327    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
328    case 0:
~~~

from the openssl docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.

Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.





-- 
https://bugs.ruby-lang.org/