[ldns-users] ldns_verify() leaking memory

Thu Jul 4 11:56:29 UTC 2013

On 4 July 2013 12:40, Willem Toorop <willem at nlnetlabs.nl> wrote:

Hi Willem,

> Same thing has been noticed before by others. Openssl uses some global
> data that is allocated on the first call of a crypto function (RSA_new
> in our case). It is harmless and will not grow (or leak). You can free
> those globals by calling CRYPTO_cleanup_all_ex_data() just before
> program termination, but maybe it is safest to just leave it.
>
>
> --- ldns-verify-test.c.orig     2013-07-04 11:36:29.601978203 +0200
> +++ ldns-verify-test.c  2013-07-04 11:36:57.533978040 +0200
> @@ -1,4 +1,5 @@
>  #include <ldns/ldns.h>
> +#include <openssl/ssl.h>
>
>  int main(int argc, char *argv[])
>  {
> @@ -128,5 +129,7 @@
>         if (NULL != ns_rdf)
>                 ldns_rdf_deep_free(ns_rdf);
>
> +       CRYPTO_cleanup_all_ex_data();
> +
>         return 0;
>  }
>
>
> $ gcc -I$HOME/local/include -Wall -ggdb ldns-verify-test.c -o
> ldns-verify-test -L$HOME/local/lib -lldns && valgrind ./ldns-verify-test
> 199.249.120.1 org. icann.org. 2>&1 | grep 'heap usage'
> ==3963==   total heap usage: 1,029 allocs, 1,029 frees, 648,346 bytes
> allocated

Thank you for a detailed reply, it's clear now. :-)

Cheers,

dimir

> Op 02-07-13 16:09, Vladimir Levijev schreef:
>> Hi,
>>
>> I have a program to verify digital signatures of a domain (attached).
>> As soon as I execute ldns_verify() I get memory leak (checking with
>> valgrind).
>>
>> If I do not execute next piece of code (by adding a "goto" before
>> calling ldns_verify()):
>>
>> [...]
>>         goto out;
>>
>>         if (LDNS_STATUS_OK != (status = ldns_verify(rrset, rrsig, keys, NULL)))
>>         {
>>                 printf("cannot verify \"%s\" signature from \"%s\"
>> (%s)", subdomain, ns, ldns_get_errorstr_by_id(status));
>>                 goto out;
>>         }
>>
>> out:
>> [...]
>>
>> my program is not leaking memory:
>>
>> $ gcc -Wall -ggdb -lldns ldns-verify-test.c -o ldns-verify-test &&
>> valgrind ./ldns-verify-test 199.249.120.1 org. icann.org. 2>&1 | grep
>> 'heap usage'
>> ==25756==   total heap usage: 873 allocs, 873 frees, 434,116 bytes allocated
>>
>> If I remove the "goto" above and ldns_verify() gets called I get memory leak:
>>
>> $ gcc -Wall -ggdb -lldns ldns-verify-test.c -o ldns-verify-test &&
>> valgrind ./ldns-verify-test 199.249.120.1 org. icann.org. 2>&1 | grep
>> 'heap usage'
>> ==25950==   total heap usage: 1,028 allocs, 1,022 frees, 637,482 bytes allocated
>>
>> It looks like ldns_verify() is leaking memory unless I'm doing
>> something wrong. According to valgrind output (attached) it happens in
>> libcrypto, that ldns is using.
>>
>> $ cat /etc/debian_version
>> 7.0
>>
>> $ dpkg -S /usr/lib/libldns.so
>> libldns-dev: /usr/lib/libldns.so
>>
>> $ dpkg -l libldns-dev
>> ii  libldns-dev                                           1.6.13-1
>>                    i386                            ldns library for
>> DNS programming
>>
>> $ ldd /usr/lib/libldns.so
>>         linux-gate.so.1 =>  (0xb7790000)
>>         libcrypto.so.1.0.0 =>
>> /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0 (0xb7563000)
>>         libc.so.6 => /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xb7400000)
>>         libdl.so.2 => /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xb73fb000)
>>         libz.so.1 => /lib/i386-linux-gnu/libz.so.1 (0xb73e2000)
>>         /lib/ld-linux.so.2 (0xb7791000)