cURL / Mailing Lists / curl-library / Single Mail

curl-library

PKCS#12 client certificate memory leak

From: Johannes Bauer <Jb.Imm_at_gmx.de>
Date: Tue, 17 Jan 2012 17:48:39 +0100

Hi list,

when using libcurl 7.21.3-1ubuntu1.3 it can be observed that parsing a
PKCS#12 client certificate yields a memory leak at each called
curl_easy_perform instance (and only if the connection succeeds, too):

==25270== 192 (96 direct, 96 indirect) bytes in 3 blocks are definitely
lost in loss record 15 of 17
==25270== at 0x4C28FAC: malloc (vg_replace_malloc.c:236)
==25270== by 0x6303CA1: CRYPTO_malloc (in /lib/libcrypto.so.0.9.8)
==25270== by 0x636068E: sk_new (in /lib/libcrypto.so.0.9.8)
==25270== by 0x63AE63C: PKCS12_parse (in /lib/libcrypto.so.0.9.8)
==25270== by 0x50C4ED2: ??? (in /usr/lib/libcurl.so.4.2.0)
==25270== by 0x50C5F44: Curl_ossl_connect (in /usr/lib/libcurl.so.4.2.0)
==25270== by 0x50D9F96: Curl_ssl_connect (in /usr/lib/libcurl.so.4.2.0)
==25270== by 0x50B1E98: Curl_http_connect (in /usr/lib/libcurl.so.4.2.0)
==25270== by 0x50C1199: Curl_protocol_connect (in
/usr/lib/libcurl.so.4.2.0)
==25270== by 0x50C147F: Curl_connect (in /usr/lib/libcurl.so.4.2.0)
==25270== by 0x50CC5D2: ??? (in /usr/lib/libcurl.so.4.2.0)
==25270== by 0x41D5F5: Heartbeat::send() (CurlSession.hpp:233)

It's 64 bytes for each call to curl_easy_perform, I do call
curl_easy_cleanup and curl_global_cleanup.

When I store my client certificate and keyfile in two PEMs and set
CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE to PEM and point them to the
two (different) files, it works without a memory leak.

When I change tht code so that CURLOPT_SSLCERTTYPE and
CURLOPT_SSLKEYTYPE are set to P12 and both CURLOPT_SSLCERT and
CURLOPT_SSLKEY point to the (same) PKCS#12 file, I see above memory leak.

Is this fixed already or is this behaviour known? Can I manually work
around it by manually freeing the PKCS#12 context of OpenSSL?

Best regards,
Joe
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-01-17