Open sconway-datto opened 2 years ago
SSLyze is going to switch to pyOpenSSL for path validation (https://github.com/nabla-c0d3/sslyze/issues/566) so the leaky code will not be used by SSLyze anymore. This is a comment I had put for troubleshooting the memory leak in nassl:
```python
# TODO(AD): There is probably a memory leak in nassl.X509 or nassl.X509_STORE_CTX
# https://github.com/nabla-c0d3/sslyze/issues/560
# It might be due to bad reference counting in nassl_X509_STORE_CTX_set0_trusted_stack()
# More specifically the call to X509_chain_up_ref() - is there corresponding call to decrease ref count?
# As a workaround, we cache the (huge) list of trusted certificates, for each trust store
```
Continuing the conversation from this SSLyze issue: https://github.com/nabla-c0d3/sslyze/issues/560
In the following comment, I showed a simple test script that would illustrate that the nassl functions `set0_trusted_stack` and `set0_untrusted` appear to have memory leaks. Run as-is, the script will provide empty lists to both functions and leak memory.
https://github.com/nabla-c0d3/sslyze/issues/560#issuecomment-1108955907