
Memory leak in OpenSSL application

Hi all,
I've written an application that uses the OpenSSL library. But I've found there are memory leaks of several kilobytes whenever a client connects to my server program. Both use TLS. The server program never frees up the memory when the client disconnects. I found this problem by issuing the "top" command in GNU/Linux. Here is a summary of what happens inside the server program from the moment a client connects till it disconnects:

  BIO_do_accept(acc)    (Connection stage)
  client = BIO_pop(acc)
  ssl = SSL_new(ctx)
  SSL_set_accept_state(ssl)
  SSL_set_bio(ssl, client, client)
  SSL_accept(ssl)

  SSL_read/write(ssl ....)  (Processing data)

  SSL_shutdown(ssl)    (Disconnection stage)
  SSL_free(ssl)
  ERR_free_strings()
  ERR_clear_error()
  ERR_remove_state(0)

acc is a BIO object, whereas ctx is an SSL_CTX object. Both of these objects are only freed up using SSL_CTX_free(ctx) and BIO_free(acc) when the server program shuts down. My server program was written using the guideline from the book "Network Security with OpenSSL". Ironically, the example in the book also has a memory leak.

I use valgrind 2.2 and valgrind 2.4 to debug my server program. Valgrind 2.2 crashes but is able to report that there are several blocks of leaks that are caused by CRYPTO_malloc calls. Valgrind 2.4 completes successfully but complains that there is a big block of memory leak that is caused by pthread_create. The result from valgrind 2.4 is very weird since no data pointer is passed to the thread. I also debugged the example from the book using valgrind. The result also shows that there are several blocks of leaks that are caused by CRYPTO_malloc.

Can anybody tell me what causes the memory leak? Am I missing any important step? Am I missing any OpenSSL function that frees up memory?
   
Thanks.
Asked by: ceoconsultancy
 
sunnycoder commented:
What version of OpenSSL are you using? Make sure it is the latest one, since there were some memory leaks which were fixed.
http://www.openssl.org/news/news.html

Also take a look at this message from the mailing list.
http://mailman.webdav.org/pipermail/neon/2001-May/000491.html

The message is quite old but indicates that libssl may indeed require you to call some cleanup functions. I have not used OpenSSL myself, but it might be worth the effort to search their docs for cleanup functions.
 
ceoconsultancy (author) commented:
I tried it with OpenSSL 0.9.6c and 0.9.7e. Oh, 0.9.7g is out. I'll check that out. Thanks.
Question has a verified solution.