Bug 746632 - [PEM] pem_CreateObject() leaks memory given a non-existing file name
Summary: [PEM] pem_CreateObject() leaks memory given a non-existing file name
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss
Version: 6.2
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: ---
Assignee: Elio Maldonado Batiz
QA Contact: Aleš Mareček
URL:
Whiteboard:
Depends On: 734760
Blocks: 746629 806058
TreeView+ depends on / blocked
 
Reported: 2011-10-17 10:45 UTC by Kamil Dudka
Modified: 2015-11-03 12:10 UTC (History)
3 users (show)

Fixed In Version: nss-3.13.3-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 734760
: 806058 (view as bug list)
Environment:
Last Closed: 2012-06-20 07:23:23 UTC

Attachments (Terms of Use)
Plug memory leak on pem_CreateObject (987 bytes, patch)
2012-03-12 23:50 UTC, Elio Maldonado Batiz 		rrelyea: review-
Details | Diff
proposed fix V2 (1.30 KB, patch)
2012-03-13 11:53 UTC, Kamil Dudka 		rrelyea: review+
Details | Diff
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0973 normal SHIPPED_LIVE Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update 2012-06-19 19:28:14 UTC

Description Kamil Dudka 2011-10-17 10:45:40 UTC 
+++ This bug was initially created as a clone of Bug #734760 +++

Version-Release number of selected component (if applicable):
nss-3.12.11-1.fc17


Additional info:
Same bug in RHEL-6 and stable Fedora.

--- Additional comment from kdudka on 2011-08-31 13:23:59 CEST ---

Created attachment 520796 [details]
proposed fix
Comment 2 Kamil Dudka 2011-12-12 13:04:55 UTC 
This is currently worked around in upstream curl:

https://github.com/bagder/curl/blob/491c5a4/lib/nss.c#L382

If you comment out the 'if(is_file(filename))' line, it will leak given a non-existing file name, and it will be easily visible in valgrind.  IIRC, this bug  broke curl test-suite, which runs through valgrind and this way I discovered the bug and came with the workaround.
Comment 7 Elio Maldonado Batiz 2012-03-12 23:50:22 UTC 
Created attachment 569516 [details]
Plug memory leak on pem_CreateObject
Comment 8 Bob Relyea 2012-03-13 00:32:18 UTC 
Comment on attachment 569516 [details]
Plug memory leak on pem_CreateObject

r+ rrelyea

I still think there is a memory leak here, though.

listItem, and listObj are not being freed in the error case.. in loser.

This patch closes some of the leaks.
Comment 9 Bob Relyea 2012-03-13 00:33:23 UTC 
Comment on attachment 569516 [details]
Plug memory leak on pem_CreateObject

r-. Actually we should make sure we are freeing everything in this patch before it's approved.
Comment 10 Kamil Dudka 2012-03-13 07:59:00 UTC 
Bob, you are right.  The patch is incomplete.
Comment 11 Kamil Dudka 2012-03-13 11:53:53 UTC 
Created attachment 569656 [details]
proposed fix V2

$ valgrind /usr/bin/curl --cacert xxx https://localhost
==21816== Memcheck, a memory error detector
==21816== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==21816== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==21816== Command: /usr/bin/curl --cacert xxx https://localhost
==21816==
curl: (77) Problem with the SSL CA cert (path? access rights?)
==21816==
==21816== HEAP SUMMARY:
==21816==     in use at exit: 16,315 bytes in 101 blocks
==21816==   total heap usage: 8,587 allocs, 8,486 frees, 2,269,057 bytes allocated
==21816==
==21816== LEAK SUMMARY:
==21816==    definitely lost: 0 bytes in 0 blocks
==21816==    indirectly lost: 0 bytes in 0 blocks
==21816==      possibly lost: 88 bytes in 2 blocks
==21816==    still reachable: 16,227 bytes in 99 blocks
==21816==         suppressed: 0 bytes in 0 blocks
==21816== Rerun with --leak-check=full to see details of leaked memory
==21816==
==21816== For counts of detected and suppressed errors, rerun with: -v
==21816== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 9 from 7)
Comment 12 Bob Relyea 2012-03-13 22:01:50 UTC 
Comment on attachment 569656 [details]
proposed fix V2

r+ Yup, that fixes it.

bob
Comment 16 errata-xmlrpc 2012-06-20 07:23:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0973.html
Note You need to log in before you can comment on or make changes to this bug.