cURL / Mailing Lists / curl-library / Single Mail

curl-library

an OpenSSL memory leak per-thread

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 18 Aug 2016 23:26:24 +0200 (CEST)

Friends!

Issue #964 was filed yesterday, identifying yet another memory leak with
libcurl using OpenSSL. I suppose it says something when we still after 17
years of working with the OpenSSL API keep finding ourselves leak memory by
not understanding how to clean it up properly...

This time, it turns out that OpenSSL stores its error queue in a per-thread
local storage so if you create several thread and use libcurl in them, there
will be a memory leak for each thread.

We call the clean-up function (ERR_remove_thread_state), but only from within
curl_global_cleanup(), which we document to only be used by applications once
per process. We don't have any function that applications call before they
terminate a thread.

This bug concerns libcurl built to use OpenSSL 1.0.2 or 1.0.1 but NOT the
upcoming OpenSSL 1.1.0 branch. And again, it leaks memory when you terminate
threads that used libcurl.

The only remedy we can suggest right now, is that the application itself calls
ERR_remove_thread_state() before a thread is killed. And that's a rather ugly
work-around I think.

One fix would be to introduce a curl_thread_cleanup() function for
applications to call before they terminate a thread, but I hesitate to do that
since this is the only use for it and OpenSSL 1.1.0 is just around the corner.
But I also don't have any other good ideas on a fix.

There are some further discussions of ideas in the issue on github.

Any ideas?

#964 = https://github.com/curl/curl/issues/964

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
Received on 2016-08-18