Bug 678594

Summary: memory leak on SSL connection failure
Product: Red Hat Enterprise Linux 6 Reporter: Kamil Dudka <kdudka>
Component: curlAssignee: Kamil Dudka <kdudka>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: mhusnain, mvadkert, ovasik, prc
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
libcurl leaked memory when an SSL connection failed. This is now fixed to prevent the memory leak during an SSL connection failure.
 Story Points: ---
Clone Of:
: 1071254 (view as bug list) Environment:
Last Closed: 2011-05-19 13:12:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kamil Dudka 2011-02-18 15:02:29 UTC 
Version-Release number of selected component (if applicable):
curl-7.19.7-20.el6


How reproducible:
100%


Steps to Reproduce:
1. ./runtests.pl -a -k -p -v 305 404
2. open valgrind logs


Actual results:
32 bytes in 1 blocks are definitely lost in loss record 35 of 85
   at 0x4A05E46: malloc (vg_replace_malloc.c:195)
   by 0x4C3A4DE: Curl_llist_alloc (llist.c:49)
   by 0x4C4B0E6: Curl_nss_connect (nss.c:1132)
   by 0x4C42DEA: Curl_ssl_connect (sslgen.c:185)
   by 0x4C21CC8: Curl_http_connect (http.c:1795)
   by 0x4C2E1A1: Curl_protocol_connect (url.c:3071)
   by 0x4C2E541: Curl_connect (url.c:4737)
   by 0x4C36939: Curl_perform (transfer.c:2488)
   by 0x408480: main (main.c:5002)


Upstream commit:
https://github.com/bagder/curl/commit/a40f58d
Comment 7 Misha H. Ali 2011-04-20 06:17:29 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
libcurl leaked  memory when an SSL connection failed. This is now fixed to prevent the memory leak during an SSL connection failure.
Comment 8 errata-xmlrpc 2011-05-19 13:12:42 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0573.html