intel / QAT_Engine

Intel QuickAssist Technology (QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist
BSD 3-Clause "New" or "Revised" License

a code security scanner reports a resource leak in qat_hw_ecx.c #320

Closed nefigtut closed 1 month ago

nefigtut commented 3 months ago

hi, openscanhub code security scanner reports a number of resource leaks in the qatengine code:

Defect type: RESOURCE_LEAK
QAT_Engine-1.6.0/qat_hw_ecx.c:557:13: leaked_storage: Freeing "key" without freeing its pointer field "lock" leaks the storage that "lock" points to.
QAT_Engine-1.6.0/qat_hw_ecx.c:315:9: leaked_storage: Freeing "key" without freeing its pointer field "lock" leaks the storage that "lock" points to.
QAT_Engine-1.6.0/qat_hw_ecx.c:249:9: leaked_storage: Freeing "key" without freeing its pointer field "lock" leaks the storage that "lock" points to.

indeed, ECX_KEY *key is allocated and in certain cases its .lock field is initiated and a lock structure is allocated. later, when key is freed by OPENSSL_free(key) then key->lock is not freed but leaked:

ECX_KEY *key = NULL;
key = OPENSSL_zalloc(sizeof(*key));
...
#ifdef QAT_OPENSSL_3
# if OPENSSL_VERSION_NUMBER < 0x30200000
    key->references = 1;
    key->lock = CRYPTO_THREAD_lock_new(); /* key->lock is allocated */
# else
    key->references.val = 1;
# endif
#endif
...
OPENSSL_free(key); /* key->lock is leaked */

It looks like CRYPTO_THREAD_lock_free() (?? not sure here) should be added to all instances of OPENSSL_free(key).
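
The ownership problem described in this report, modelled as an added stand-alone C example (not QAT_Engine code and not part of the original comment). The `demo_*` names are hypothetical stand-ins so it builds without OpenSSL, and a counter of outstanding allocations makes the leaked lock visible.

```c
/* Stand-alone model of the reported pattern; demo_* names are hypothetical
 * stand-ins (demo_lock_new ~ CRYPTO_THREAD_lock_new, demo_lock_free ~
 * CRYPTO_THREAD_lock_free, demo_key ~ the ECX_KEY fields in the report). */
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;                 /* allocations not yet freed */
static void *demo_zalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void demo_free(void *p) { if (p) { live_allocs--; free(p); } }

typedef struct { int state; } demo_lock;
typedef struct { int references; demo_lock *lock; } demo_key;
static demo_lock *demo_lock_new(void) { return demo_zalloc(sizeof(demo_lock)); }
static void demo_lock_free(demo_lock *l) { demo_free(l); }

static demo_key *demo_key_new(void)
{
    demo_key *key = demo_zalloc(sizeof(*key));
    if (key == NULL) return NULL;
    key->references = 1;
    key->lock = demo_lock_new();        /* second allocation, owned by key */
    return key;
}

/* Flagged pattern: the struct is freed, the lock it owns is not. */
static void demo_key_free_leaky(demo_key *key) { demo_free(key); }

/* Paired cleanup: release the owned lock first, then the struct. */
static void demo_key_free(demo_key *key)
{
    if (key == NULL) return;
    demo_lock_free(key->lock);
    demo_free(key);
}

/* Allocations still live after one new/free cycle (0 means no leak). */
static int leaked_after(void (*free_fn)(demo_key *))
{
    live_allocs = 0;
    free_fn(demo_key_new());
    return live_allocs;
}

int main(void)
{
    printf("leaky: %d  paired: %d\n", leaked_after(demo_key_free_leaky), leaked_after(demo_key_free));
    return 0;
}
```

The snippet in the report allocates the lock only in the `OPENSSL_VERSION_NUMBER < 0x30200000` branch, so a real cleanup call would sit under the same guard.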

venkatesh6911 commented 3 months ago

Hi @nefigtut, thank you for raising the issue. We will look into this.

venkatesh6911 commented 2 months ago

Can you give the reproduction steps with the openscanhub security scanner?

nefigtut commented 1 month ago

hi, unfortunately, not. i have used our internal corporate osh instance which is not accessible from the outside. i'm not sure here, osh home page (https://openscanhub.dev/) says:

How to use it? It is running as a Fedora service (you would need Fedora's infrastructure access credentials). Alternatively, you can use it on your local system by following the developer documentation.

alternatively, i believe, if you provide me a fixed package, i can scan it in our internal instance.

venkatesh6911 commented 1 month ago

The mem leak issues have been fixed based on the details you provided. We could not reproduce the issues with the security scanner, though. We will release the package in mid-September.

nefigtut commented 1 month ago

thank you, Venkatesh, most appreciated.