From: nobu@...
Date: 2014-04-16T00:51:27+00:00
Subject: [ruby-core:62042] [ruby-trunk - Bug #9743] [Closed] memory leak in openssl ossl_pkey_verify leaks memory

Issue #9743 has been updated by Nobuyoshi Nakada.

Status changed from Open to Closed
% Done changed from 0 to 100

Applied in changeset r45595.

----------
ossl_pkey.c: fix memory leak

* ext/openssl/ossl_pkey.c (ossl_pkey_verify): as EVP_VerifyFinal()
  finalizes only a copy of the digest context, the context must be
  cleaned up after initialization by EVP_MD_CTX_cleanup() or a
  memory leak will occur.  [ruby-core:62038] [Bug #9743]

----------------------------------------
Bug #9743: memory leak in openssl ossl_pkey_verify leaks memory
https://bugs.ruby-lang.org/issues/9743#change-46222

* Author: Joel Westerberg
* Status: Closed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
* ruby -v: 2.1.1
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
repeated calls to pub_key.verify(digest, signature, data) leaks memory. 

from what I can gather from the openssl documentation, there seems to be a missing call to EVP_MD_CTX_cleanup() 

FILE: ossl_pkey.c 

~~~
326    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
327    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
328    case 0:
~~~

from the openssl docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data.

Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak will occur.





-- 
https://bugs.ruby-lang.org/