diff options
author | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2014-04-01 17:35:30 -0400 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2014-04-01 17:35:30 -0400 |
commit | d254e2426eacdc9dc37497ac349d9b49ae808e95 (patch) | |
tree | 4c5f4718903b1f17b7188a1e9a8acf77df9fdfe9 | |
parent | e625d0cfefd725f181e7755d4c3a21d879fdc5e9 (diff) | |
parent | 070c35669d18c6d385b7e14e2eed40e6feb68d65 (diff) | |
download | pyopenssl-d254e2426eacdc9dc37497ac349d9b49ae808e95.tar.gz |
Merge pull request #74 from jgiannuzzi/fix_crl_memory_leak
Fix a memory leak in the CRL class's handling of the serial number and revocation date.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | OpenSSL/crypto.py | 2 | ||||
-rw-r--r-- | leakcheck/crypto.py | 46 |
3 files changed, 54 insertions, 1 deletions
@@ -17,6 +17,13 @@ * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been removed in Python 3) with the equivalent syntax. +2014-03-28 Jonathan Giannuzzi <jonathan@giannuzzi.be> + + * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup. + * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked + and CRL.get_revoked. + * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding. + 2014-03-02 Stephen Holsapple <sholsapp@gmail.com> * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``. diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py index ed0b629..65e28d7 100644 --- a/OpenSSL/crypto.py +++ b/OpenSSL/crypto.py @@ -1323,9 +1323,11 @@ def _X509_REVOKED_dup(original): _raise_current_error() if original.serialNumber != _ffi.NULL: + _lib.ASN1_INTEGER_free(copy.serialNumber) copy.serialNumber = _lib.ASN1_INTEGER_dup(original.serialNumber) if original.revocationDate != _ffi.NULL: + _lib.ASN1_TIME_free(copy.revocationDate) copy.revocationDate = _lib.M_ASN1_TIME_dup(original.revocationDate) if original.extensions != _ffi.NULL: diff --git a/leakcheck/crypto.py b/leakcheck/crypto.py index 6a9af92..f5fe2f8 100644 --- a/leakcheck/crypto.py +++ b/leakcheck/crypto.py @@ -4,7 +4,10 @@ import sys from OpenSSL.crypto import ( - FILETYPE_PEM, TYPE_DSA, Error, PKey, X509, load_privatekey) + FILETYPE_PEM, TYPE_DSA, Error, PKey, X509, load_privatekey, CRL, Revoked, + _X509_REVOKED_dup) + +from OpenSSL._util import lib as _lib @@ -101,6 +104,47 @@ FCB5K3c2kkTv2KjcCAimjxkE+SBKfHg35W0wB0AWkXpVFO5W/TbHg4tqtkpt/KMn pass + +class Checker_CRL(BaseChecker): + """ + Leak checks for L{CRL.add_revoked} and L{CRL.get_revoked}. + """ + def check_add_revoked(self): + """ + Call the add_revoked method repeatedly on an empty CRL. + """ + for i in xrange(self.iterations * 200): + CRL().add_revoked(Revoked()) + + + def check_get_revoked(self): + """ + Create a CRL object with 100 Revoked objects, then call the + get_revoked method repeatedly. + """ + crl = CRL() + for i in xrange(100): + crl.add_revoked(Revoked()) + for i in xrange(self.iterations): + crl.get_revoked() + + + +class Checker_X509_REVOKED_dup(BaseChecker): + """ + Leak checks for :py:obj:`_X509_REVOKED_dup`. + """ + def check_X509_REVOKED_dup(self): + """ + Copy an empty Revoked object repeatedly. The copy is not garbage + collected, therefore it needs to be manually freed. + """ + for i in xrange(self.iterations * 100): + revoked_copy = _X509_REVOKED_dup(Revoked()._revoked) + _lib.X509_REVOKED_free(revoked_copy) + + + def vmsize(): return [x for x in file('/proc/self/status').readlines() if 'VmSize' in x] |