Bug 1479881

Summary: curl leaks memory after update of nss-softokn
Product: [Fedora] Fedora Reporter: Kamil Dudka <kdudka>
Component: nss-softoknAssignee: Daiki Ueno <dueno>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 26CC: dueno, elio.maldonado.batiz, kdudka, kengert, rrelyea
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-softokn-3.32.0-1.2.fc26 nss-softokn-3.32.0-1.2.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-24 03:51:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kamil Dudka 2017-08-09 15:55:06 UTC
Version-Release number of selected component (if applicable):
nss-3.31.0-1.1.fc26.i686
nss-pem-1.0.3-3.fc26.i686
nss-softokn-3.32.0-1.0.fc26.i686
nss-softokn-freebl-3.32.0-1.0.fc26.i686
nss-sysinit-3.31.0-1.1.fc26.i686
nss-tools-3.31.0-1.1.fc26.i686
nss-util-3.32.0-1.0.fc26.i686


Steps to Reproduce:
1. valgrind --leak-check=full curl -so/dev/null https://google.com


Actual results:
# valgrind --leak-check=full curl -so/dev/null https://google.com
[...]
HEAP SUMMARY:
    in use at exit: 5,214 bytes in 31 blocks
  total heap usage: 142,804 allocs, 142,773 frees, 12,229,522 bytes allocated

303 bytes in 1 blocks are definitely lost in loss record 14 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x645710A: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457F0A: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x63266A2: ???
   by 0x63281E4: ???
   by 0x4999974: PK11_Decrypt (pk11obj.c:923)
   by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871)
   by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385)
   by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608)
   by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514)
   by 0x48FDBEB: SSL_ForceHandshake (sslsecur.c:403)

429 bytes in 3 blocks are definitely lost in loss record 15 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x6455167: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457B1F: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457F48: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x63266A2: ???
   by 0x63281E4: ???
   by 0x4999974: PK11_Decrypt (pk11obj.c:923)
   by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871)
   by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385)
   by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608)
   by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514)

606 bytes in 2 blocks are definitely lost in loss record 17 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x645710A: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457F0A: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x63266A2: ???
   by 0x63281E4: ???
   by 0x4999974: PK11_Decrypt (pk11obj.c:923)
   by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871)
   by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385)
   by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608)
   by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514)
   by 0x48F65A5: ssl3_GatherAppDataRecord (ssl3gthr.c:592)

715 bytes in 5 blocks are definitely lost in loss record 19 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x6455167: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457B1F: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457F48: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x63266A2: ???
   by 0x6327884: ???
   by 0x4999B81: PK11_Encrypt (pk11obj.c:970)
   by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874)
   by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439)
   by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578)

1,515 bytes in 5 blocks are definitely lost in loss record 20 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x645710A: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x6457F0A: ??? (in /usr/lib/libfreeblpriv3.so)
   by 0x63266A2: ???
   by 0x6327884: ???
   by 0x4999B81: PK11_Encrypt (pk11obj.c:970)
   by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874)
   by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439)
   by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578)
   by 0x48E9E21: ssl3_SendRecord (ssl3con.c:2772)

LEAK SUMMARY:
   definitely lost: 3,568 bytes in 16 blocks
   indirectly lost: 0 bytes in 0 blocks
     possibly lost: 0 bytes in 0 blocks
   still reachable: 1,646 bytes in 15 blocks
        suppressed: 0 bytes in 0 blocks


Expected results:
Downgrade to nss-softokn-3.31.0-1.0.fc26.i686 fixes the problem:
# dnf install https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-devel-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-freebl-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-freebl-devel-3.31.0-1.0.fc26.i686.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.31.0/1.0.fc26/i686/nss-softokn-debuginfo-3.31.0-1.0.fc26.i686.rpm

# valgrind --leak-check=full curl -so/dev/null https://google.com
[...]
HEAP SUMMARY:
    in use at exit: 1,646 bytes in 15 blocks
  total heap usage: 142,832 allocs, 142,817 frees, 12,242,922 bytes allocated

LEAK SUMMARY:
   definitely lost: 0 bytes in 0 blocks
   indirectly lost: 0 bytes in 0 blocks
     possibly lost: 0 bytes in 0 blocks
   still reachable: 1,646 bytes in 15 blocks
        suppressed: 0 bytes in 0 blocks


Additional info:
This regression in stable Fedora delayed a release of curl security update:
https://koji.fedoraproject.org/koji/taskinfo?taskID=21127860

Comment 1 Kamil Dudka 2017-08-09 16:08:16 UTC
I forgot to upgrade nss-softokn-debuginfo while pasting valgrind's output.
Pasting now again with more symbols resolved:

# valgrind --leak-check=full curl -so/dev/null https://google.com
[...]
HEAP SUMMARY:
    in use at exit: 5,214 bytes in 31 blocks
  total heap usage: 142,807 allocs, 142,776 frees, 12,229,574 bytes allocated

303 bytes in 1 blocks are definitely lost in loss record 14 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x645710A: AES_AllocateContext (rijndael.c:1021)
   by 0x6457F0A: AES_CreateContext (rijndael.c:1238)
   by 0x63266A2: ???
   by 0x63281E4: ???
   by 0x4999974: PK11_Decrypt (pk11obj.c:923)
   by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871)
   by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385)
   by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608)
   by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514)
   by 0x48FDBEB: SSL_ForceHandshake (sslsecur.c:403)

429 bytes in 3 blocks are definitely lost in loss record 15 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x6455167: GCM_CreateContext (gcm.c:599)
   by 0x6457B1F: AES_InitContext (rijndael.c:1193)
   by 0x6457F48: AES_CreateContext (rijndael.c:1240)
   by 0x63266A2: ???
   by 0x63281E4: ???
   by 0x4999974: PK11_Decrypt (pk11obj.c:923)
   by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871)
   by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385)
   by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608)
   by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514)

606 bytes in 2 blocks are definitely lost in loss record 17 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x645710A: AES_AllocateContext (rijndael.c:1021)
   by 0x6457F0A: AES_CreateContext (rijndael.c:1238)
   by 0x63266A2: ???
   by 0x63281E4: ???
   by 0x4999974: PK11_Decrypt (pk11obj.c:923)
   by 0x48E30B1: ssl3_AESGCM (ssl3con.c:1871)
   by 0x48F3E5E: ssl3_UnprotectRecord (ssl3con.c:12385)
   by 0x48F3E5E: ssl3_HandleRecord (ssl3con.c:12608)
   by 0x48F5DD7: ssl3_GatherCompleteHandshake (ssl3gthr.c:514)
   by 0x48F65A5: ssl3_GatherAppDataRecord (ssl3gthr.c:592)

715 bytes in 5 blocks are definitely lost in loss record 19 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x6455167: GCM_CreateContext (gcm.c:599)
   by 0x6457B1F: AES_InitContext (rijndael.c:1193)
   by 0x6457F48: AES_CreateContext (rijndael.c:1240)
   by 0x63266A2: ???
   by 0x6327884: ???
   by 0x4999B81: PK11_Encrypt (pk11obj.c:970)
   by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874)
   by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439)
   by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578)

1,515 bytes in 5 blocks are definitely lost in loss record 20 of 20
   at 0x483302A: calloc (vg_replace_malloc.c:711)
   by 0x4AC7E43: PR_Calloc (prmem.c:443)
   by 0x4A91CBE: PORT_ZAlloc_Util (secport.c:114)
   by 0x645710A: AES_AllocateContext (rijndael.c:1021)
   by 0x6457F0A: AES_CreateContext (rijndael.c:1238)
   by 0x63266A2: ???
   by 0x6327884: ???
   by 0x4999B81: PK11_Encrypt (pk11obj.c:970)
   by 0x48E31AE: ssl3_AESGCM (ssl3con.c:1874)
   by 0x48E48A2: ssl3_CompressMACEncryptRecord (ssl3con.c:2439)
   by 0x48E5042: ssl_ProtectRecord (ssl3con.c:2578)
   by 0x48E9E21: ssl3_SendRecord (ssl3con.c:2772)

LEAK SUMMARY:
   definitely lost: 3,568 bytes in 16 blocks
   indirectly lost: 0 bytes in 0 blocks
     possibly lost: 0 bytes in 0 blocks
   still reachable: 1,646 bytes in 15 blocks
        suppressed: 0 bytes in 0 blocks

Comment 2 Fedora Update System 2017-08-11 08:33:12 UTC
nspr-4.16.0-1.fc26 nss-3.32.0-1.0.fc26 nss-softokn-3.32.0-1.1.fc26 nss-util-3.32.0-1.0.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a

Comment 3 Fedora Update System 2017-08-11 08:35:18 UTC
nspr-4.16.0-1.fc25 nss-3.32.0-1.0.fc25 nss-softokn-3.32.0-1.1.fc25 nss-util-3.32.0-1.0.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c

Comment 4 Fedora Update System 2017-08-13 00:59:36 UTC
nspr-4.16.0-1.fc25, nss-3.32.0-1.0.fc25, nss-softokn-3.32.0-1.1.fc25, nss-util-3.32.0-1.0.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c

Comment 5 Fedora Update System 2017-08-13 04:03:52 UTC
nspr-4.16.0-1.fc26, nss-3.32.0-1.0.fc26, nss-softokn-3.32.0-1.1.fc26, nss-util-3.32.0-1.0.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a

Comment 6 Fedora Update System 2017-08-18 13:47:58 UTC
nspr-4.16.0-1.fc26 nss-3.32.0-1.1.fc26 nss-softokn-3.32.0-1.2.fc26 nss-util-3.32.0-1.0.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a

Comment 7 Fedora Update System 2017-08-18 13:53:24 UTC
nspr-4.16.0-1.fc25 nss-3.32.0-1.1.fc25 nss-softokn-3.32.0-1.2.fc25 nss-util-3.32.0-1.0.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c

Comment 8 Fedora Update System 2017-08-21 01:20:51 UTC
nspr-4.16.0-1.fc25, nss-3.32.0-1.1.fc25, nss-softokn-3.32.0-1.2.fc25, nss-util-3.32.0-1.0.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-bb07876a1c

Comment 9 Fedora Update System 2017-08-22 18:05:48 UTC
nspr-4.16.0-1.fc26, nss-3.32.0-1.1.fc26, nss-softokn-3.32.0-1.2.fc26, nss-util-3.32.0-1.0.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3f11b3237a

Comment 10 Fedora Update System 2017-08-24 03:51:03 UTC
nspr-4.16.0-1.fc26, nss-3.32.0-1.1.fc26, nss-softokn-3.32.0-1.2.fc26, nss-util-3.32.0-1.0.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2017-09-06 20:51:43 UTC
nspr-4.16.0-1.fc25, nss-3.32.0-1.1.fc25, nss-softokn-3.32.0-1.2.fc25, nss-util-3.32.0-1.0.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.