This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: memory leak in _ssl.c, function load_cert_chain
Type: resource usage Stage: resolved
Components: Extension Modules Versions: Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou, python-dev, rhaist
Priority: normal Keywords:

Created on 2016-06-08 09:40 by rhaist, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (2)
msg267820 - (view) Author: Ralph Haist (rhaist) Date: 2016-06-08 09:40
Test program:

$ cat sslTest.py
import ssl
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.load_cert_chain("mycert.pem")
$

valgrind reports a memory leak if this test program is executed by python2.7 as follows:

==7266== 24 bytes in 1 blocks are definitely lost in loss record 564 of 2,578
==7266== at 0x4C2815D: malloc (vg_replace_malloc.c:299)
==7266== by 0x4BCDAA: convertsimple (getargs.c:1160)
==7266== by 0x4BCDAA: convertitem (getargs.c:514)
==7266== by 0x4BD841: vgetargskeywords (getargs.c:1618)
==7266== by 0x4BE47B: _PyArg_ParseTupleAndKeywords_SizeT (getargs.c:1464)
==7266== by 0x6DCFADC: load_cert_chain (_ssl.c:2536)
==7266== by 0x4AA75D: call_function (ceval.c:4350)
==7266== by 0x4AA75D: PyEval_EvalFrameEx (ceval.c:2987)
==7266== by 0x4AE209: PyEval_EvalCodeEx (ceval.c:3582)
==7266== by 0x4AE641: PyEval_EvalCode (ceval.c:669)
==7266== by 0x4CC9AD: run_mod (pythonrun.c:1370)
==7266== by 0x4CDAC1: PyRun_FileExFlags (pythonrun.c:1356)
==7266== by 0x4CE4C9: PyRun_SimpleFileExFlags (pythonrun.c:948)
==7266== by 0x4155FF: Py_Main (main.c:654)

After applying this patch to _ssl.c, the memory leak disappears:

$ diff -rc _ssl.c.org _ssl.c
*** _ssl.c.org 2016-05-18 14:18:39.093418625 +0200
--- _ssl.c 2016-05-18 14:41:50.215460826 +0200
***************
*** 2611,2616 ****
--- 2611,2617 ----
SSL_CTX_set_default_passwd_cb(self->ctx, orig_passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(self->ctx, orig_passwd_userdata);
PyMem_Free(pw_info.password);
+ PyMem_Free(certfile_bytes);
Py_RETURN_NONE;

error:
msg267964 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-06-09 06:19
New changeset 66cd109f3f21 by Benjamin Peterson in branch '2.7':
stop leaking certfile_bytes (closes #27267)
https://hg.python.org/cpython/rev/66cd109f3f21
History
Date User Action Args
2022-04-11 14:58:32adminsetgithub: 71454
2016-06-09 06:19:08python-devsetstatus: open -> closed

nosy: + python-dev
messages: + msg267964

resolution: fixed
stage: resolved
2016-06-08 09:58:43SilentGhostsetnosy: + janssen, pitrou, giampaolo.rodola, christian.heimes, alex, dstufft
2016-06-08 09:40:22rhaistcreate