[Python-bugs-list] [ python-Bugs-461358 ] SSL constructor/destructor bugs

noreply@sourceforge.net noreply@sourceforge.net
Wed, 10 Oct 2001 15:40:46 -0700 

Bugs item #461358, was opened at 2001-09-13 14:17
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=461358&group_id=5470

Category: Python Library
Group: Python 2.1.1
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Jeremy Hylton (jhylton)
Summary: SSL constructor/destructor bugs

Initial Comment:
routine newSSLObject() in socketmodule.c does not 
initialize variables which SSL_dealloc() frees.

SSL_dealloc() calls SSL_CTX_free() and then SSL_free
().  However, SSL_free() also frees the CTX.

in SSLObject, variable 'x_attr' seems to be 
unnecessary and maybe the source of a memory leak.



----------------------------------------------------------------------

>Comment By: Jeremy Hylton (jhylton)
Date: 2001-10-10 15:40

Message:
Logged In: YES 
user_id=31392

newSSLObject() now invitializes the variables it frees.  It
looks like SSL_dealloc() should call both SSL_CTX_free() and
SSL_free(), because we have two separate references to the
context that both need to be accounted for.


----------------------------------------------------------------------

Comment By: Jeremy Hylton (jhylton)
Date: 2001-10-09 19:39

Message:
Logged In: YES 
user_id=31392

You're sure right about the memory leak!  It calls
PyDict_New(), stores the result in x_attr, and later sets
x_attr to NULL.


----------------------------------------------------------------------

Comment By: Gerhard Häring (ghaering)
Date: 2001-09-16 21:00

Message:
Logged In: YES 
user_id=163326

Hello! I'm pretty new to OpenSSL, but I'm trying my best to
nail the recently reported SSL bugs down. I could confirm
everything you state here.

The docs didn't say anything about SSL_free() freeing the
CTX, but the OpenSSL source says yes, it does.

If you'd log in next time, that would ease communication :-)

I'll soon (0-2 days) submit a patch that tries to fix some
of the recently reported problems. I'll also try to bug a
few people proficient in Python & OpenSSL to review my
patch. You seem to be knowledgable in both, so another pair
of eyes won't hurt.

Btw. I can be reached at gerhard@bigfoot.de


----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=461358&group_id=5470