[ldns-users] ldns_verify() leaking memory

Thu Jul 4 09:40:08 UTC 2013

Hi Vladimir,

Same thing has been noticed before by others. Openssl uses some global
data that is allocated on the first call of a crypto function (RSA_new
in our case). It is harmless and will not grow (or leak). You can free
those globals by calling CRYPTO_cleanup_all_ex_data() just before
program termination, but maybe it is safest to just leave it.

--- ldns-verify-test.c.orig	2013-07-04 11:36:29.601978203 +0200
+++ ldns-verify-test.c	2013-07-04 11:36:57.533978040 +0200
@@ -1,4 +1,5 @@
 #include <ldns/ldns.h>
+#include <openssl/ssl.h>

 int main(int argc, char *argv[])
 {
@@ -128,5 +129,7 @@
 	if (NULL != ns_rdf)
 		ldns_rdf_deep_free(ns_rdf);

+	CRYPTO_cleanup_all_ex_data();
+
 	return 0;
 }


$ gcc -I$HOME/local/include -Wall -ggdb ldns-verify-test.c -o
ldns-verify-test -L$HOME/local/lib -lldns && valgrind ./ldns-verify-test
199.249.120.1 org. icann.org. 2>&1 | grep 'heap usage'
==3963==   total heap usage: 1,029 allocs, 1,029 frees, 648,346 bytes
allocated


Cheers,
-- 
Willem

Op 02-07-13 16:09, Vladimir Levijev schreef:
> Hi,
> 
> I have a program to verify digital signatures of a domain (attached).
> As soon as I execute ldns_verify() I get memory leak (checking with
> valgrind).
> 
> If I do not execute next piece of code (by adding a "goto" before
> calling ldns_verify()):
> 
> [...]
>         goto out;
> 
>         if (LDNS_STATUS_OK != (status = ldns_verify(rrset, rrsig, keys, NULL)))
>         {
>                 printf("cannot verify \"%s\" signature from \"%s\"
> (%s)", subdomain, ns, ldns_get_errorstr_by_id(status));
>                 goto out;
>         }
> 
> out:
> [...]
> 
> my program is not leaking memory:
> 
> $ gcc -Wall -ggdb -lldns ldns-verify-test.c -o ldns-verify-test &&
> valgrind ./ldns-verify-test 199.249.120.1 org. icann.org. 2>&1 | grep
> 'heap usage'
> ==25756==   total heap usage: 873 allocs, 873 frees, 434,116 bytes allocated
> 
> If I remove the "goto" above and ldns_verify() gets called I get memory leak:
> 
> $ gcc -Wall -ggdb -lldns ldns-verify-test.c -o ldns-verify-test &&
> valgrind ./ldns-verify-test 199.249.120.1 org. icann.org. 2>&1 | grep
> 'heap usage'
> ==25950==   total heap usage: 1,028 allocs, 1,022 frees, 637,482 bytes allocated
> 
> It looks like ldns_verify() is leaking memory unless I'm doing
> something wrong. According to valgrind output (attached) it happens in
> libcrypto, that ldns is using.
> 
> $ cat /etc/debian_version
> 7.0
> 
> $ dpkg -S /usr/lib/libldns.so
> libldns-dev: /usr/lib/libldns.so
> 
> $ dpkg -l libldns-dev
> ii  libldns-dev                                           1.6.13-1
>                    i386                            ldns library for
> DNS programming
> 
> $ ldd /usr/lib/libldns.so
>         linux-gate.so.1 =>  (0xb7790000)
>         libcrypto.so.1.0.0 =>
> /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb7563000)
>         libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7400000)
>         libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb73fb000)
>         libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb73e2000)
>         /lib/ld-linux.so.2 (0xb7791000)
> 
> Cheers,
> 
> dimir
> 
> 
> 
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
> 


