[PYTHON-CRYPTO] Memoryleak in SSL.Connection

Andre Reitz reitz at INWORKS.DE
Thu Apr 15 11:13:58 CEST 2004 

On Thu, 15 Apr 2004 08:48:04 +0800
Ng Pheng Siong <ngps at POST1.COM> wrote:

> On Wed, Apr 14, 2004 at 11:21:17AM +0200, Andre Reitz wrote:
> >  calling
> >     set_shutdown(SSL.SSL_SENT_SHUTDOWN|SSL.SSL_RECEIVED_SHUTDOWN)
> >  before destructor __del__ comes
> >  stops my multi-threaded server from hanging.
> >
> >  if I do not call
> >     set_shutdown(SSL.SSL_SENT_SHUTDOWN|SSL.SSL_RECEIVED_SHUTDOWN)
> >  the complete server sometimes hangs in
> >    m2.bio_free(self.sslbio)  of Connection.__del__
> >
> > Why?
> >   does bio_free still want to communicate with the client?
> >   (which is already disconnected?)
> 
> M2Crypto's bio_free calls OpenSSL API BIO_free calls OpenSSL internal
> ssl_free calls OpenSSL API SSL_shutdown and others.
> 
> SSL_shutdown tears down the SSL connection, including handling the closure
> alert messages I mentioned in the earlier post.
> 
> The statement set_shutdown(...) tells OpenSSL to not send nor wait for the
> closure alerts.
> 
> The alerts are actually a security feature that defends against *truncation
> attacks*.
> 
> I've been thinking of creating, say, classes SSL.SContext and
> SSL.SConnection that presents a simpler API, with more defaults and fewer
> methods.
> 
> OTOH, I'm reluctant to hide any security feature that inconveniences the
> app programmer under the hood because I think that's saying, "Trust me,
> I've figured this out and have decided for you what you need to know."
> 
> Trust me you can ;-) but decide for yourself you should.
> 
> What does the list think?
> 

Well I think that M2Crypto is ok as it is.

The only change I would make is:
add: 
  set_shutdown(SSL.SSL_SENT_SHUTDOWN|SSL.SSL_RECEIVED_SHUTDOWN)
to 
  Connection.__del__

(If the application-Programmer doesn't call close() or shutdown() 
 in a correct way)

I think that if the __del__ method gets called, and the connection
isn't really already "shutdown" the worst thing that could happen,
is that __del__ doesn't succeed in any case.

My approach would be to regard the __del__ method as some kind of
a "disconnect which always succeeds without problems or errors"-method.


Greetings, Andre'

> --
> Ng Pheng Siong <ngps at netmemetic.com>
> 
> http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
> http://sandbox.rulemaker.net/ngps -+- ZServerSSL/Zope Windows Installers


-- 
__________________________________________________________________________

Als Technologieunternehmen konzipieren und entwickeln wir maßgeschneiderte Feedback- und
Monitoring-Systeme - wie beispielsweise Lösungen für Beschwerde- und Ideenmanagement.
Mit dem Inquery® Survey Server bieten wir eine der leistungsfähigsten Standardlösungen für
Online-Umfragen mit dem Schwerpunkt auf der Messung von Kundenzufriedenheit an.
__________________________________________________________________________


Inworks GmbH
Andre Reitz, Leiter Entwicklung
Hörvelsinger Weg 39, 89081 Ulm, Germany
Tel +49 (0) 731 / 93807-21
Fax +49(0)731/93807-18
Internet: http://www.inworks.de

More information about the python-crypto mailing list