Bug 772628

Summary: nss_Init() leaks memory
Product: Red Hat Enterprise Linux 6 Reporter: Kamil Dudka <kdudka>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Aleš Mareček <amarecek>
Severity: medium Docs Contact:
Priority: high    
Version: 6.2CC: amarecek, ebenes, hkario, jrieden, rrelyea
Target Milestone: rcKeywords: Patch
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nss-3.13.3-4.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed
 Story Points: ---
Clone Of:
: 812423 975755 (view as bug list) Environment:
Last Closed: 2012-06-20 07:23:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 738456, 812423    
Attachments:
Description Flags
a proposed fix
none
a proposed fix V2 emaldona: review+

Description Kamil Dudka 2012-01-09 13:27:09 UTC 
Version-Release number of selected component (if applicable):
nss-3.12.10-17.1.el6


How reproducible:
100 %


Steps to Reproduce:
1. patch curl by attachment #525555 [details]
2. run this test-case: attachment #551005 [details]

  
Actual results:
==17888== 512 bytes in 16 blocks are definitely lost in loss record 75 of 86
==17888==    at 0x4A05FDE: malloc (vg_replace_malloc.c:236)
==17888==    by 0x331A412574: GrowStuff (prprf.c:1076)
==17888==    by 0x331A411BD7: dosprintf (prprf.c:137)
==17888==    by 0x331A412439: PR_vsmprintf (prprf.c:1127)
==17888==    by 0x331A41272C: PR_smprintf (prprf.c:1105)
==17888==    by 0x5581D5C: nss_MkConfigString (nssinit.c:205)
==17888==    by 0x55826E9: nss_Init (nssinit.c:597)
==17888==    by 0x5582DFA: NSS_InitContext (nssinit.c:804)
==17888==    by 0x4EC8776: nss_init_core (nss.c:905)
==17888==    by 0x4EC8914: nss_init (nss.c:949)
==17888==    by 0x4EC8F7F: Curl_nss_connect (nss.c:1167)
==17888==    by 0x4EBC00A: Curl_ssl_connect (sslgen.c:185)
Comment 1 Kamil Dudka 2012-01-09 13:30:49 UTC 
Created attachment 551566 [details]
a proposed fix
Comment 3 Elio Maldonado Batiz 2012-02-29 16:16:08 UTC 
Thank you for the patch but is not needed since the update to nss 3.13.1.
In the current code in nssinit.c we have
loser:
    if (initContextPtr && *initContextPtr) {
	PORT_Free(*initContextPtr);
	*initContextPtr = NULL;
	if (configStrings) {
	   PR_smprintf_free(configStrings);
	}
    }
and with initContextPtr NULL configStrings = pk11_config_strings whose allocation/deallocation is handled by PK11_ConfigurePKCS11 and PK11_UnconfigurePKCS11.
Comment 4 Kamil Dudka 2012-02-29 17:15:17 UTC 
(In reply to comment #3)
> Thank you for the patch but is not needed since the update to nss 3.13.1.

I disagree.

> In the current code in nssinit.c we have
> loser:
>     if (initContextPtr && *initContextPtr) {
>  PORT_Free(*initContextPtr);
>  *initContextPtr = NULL;
>  if (configStrings) {
>     PR_smprintf_free(configStrings);
>  }
>     }

This code is not new to 3.13.1 and does not solve the issue I reported.

> and with initContextPtr NULL configStrings = pk11_config_strings whose
> allocation/deallocation is handled by PK11_ConfigurePKCS11 and
> PK11_UnconfigurePKCS11.

Right, then we need to handle this case separately to avoid a double free.
Comment 5 Kamil Dudka 2012-02-29 17:22:19 UTC 
Created attachment 566601 [details]
a proposed fix V2

Avoid a double free.
Comment 6 Eduard Benes 2012-03-05 17:53:10 UTC 
Is this NSS bug required for fixing bug 738456?
Comment 7 Kamil Dudka 2012-03-05 18:18:17 UTC 
(In reply to comment #6)
> Is this NSS bug required for fixing bug 738456?

Without this patch applied, nss will start to leak on initialization as soon as bug 738456 is fixed.  From my point of view, such amount of memory leakage is acceptable, but I am not the one here to make decisions.
Comment 11 Bob Relyea 2012-03-09 01:47:53 UTC 
upstream bug?
Comment 13 Kamil Dudka 2012-04-13 11:21:50 UTC 
Elio, could you please apply my fix on Fedora?

This bug breaks curl's test-suite badly:

http://koji.fedoraproject.org/koji/getfile?taskID=3987501&name=build.log
Comment 14 Elio Maldonado Batiz 2012-04-13 17:20:20 UTC 
(In reply to comment #13)
Kamil, I applied your fix to Fedora Rawhide and submitted it upstream.
Comment 15 Elio Maldonado Batiz 2012-04-26 18:30:48 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed
Comment 17 errata-xmlrpc 2012-06-20 07:23:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0973.html