[New-bugs-announce] [issue13458] _ssl memory leak in _get_peer_alt_names

Robert Xiao report at bugs.python.org
Wed Nov 23 00:46:25 CET 2011


New submission from Robert Xiao <nneonneo at gmail.com>:

_ssl.c has a memory leak in _get_peer_alt_names.

The `names' object is initialized here:

Modules/_ssl.c:601:
        if (method->it)
            names = (GENERAL_NAMES*)
              (ASN1_item_d2i(NULL,
                             &p,
                             ext->value->length,
                             ASN1_ITEM_ptr(method->it)));
        else
            names = (GENERAL_NAMES*)
              (method->d2i(NULL,
                           &p,
                           ext->value->length));

However, `names' is not freed after use, so it simply leaks.

Trivial patch:

--- a/Modules/_ssl.c	2011-09-03 12:16:46.000000000 -0400
+++ b/Modules/_ssl.c	2011-11-22 19:41:12.000000000 -0400
@@ -679,6 +679,8 @@
             }
             Py_DECREF(t);
         }
+
+        sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
     }
     BIO_free(biobuf);
     if (peer_alt_names != Py_None) {
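
Review bot: The added sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free) call sits at the very end of the enclosing block, so it only runs when control falls through the preceding loop. Any error exit taken between the d2i call that allocates names and this line would still leak the stack. Please check those exits and release names there as well, or move the release into the shared cleanup path next to BIO_free(biobuf). A one-line comment saying that names is allocated by the d2i call and must be freed by this function would help keep the ownership clear.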


I tested this with a private certificate containing a subjectAltName field, and the following code:

import ssl, socket
sock = ssl.wrap_socket(socket.socket(), cert_reqs=ssl.CERT_REQUIRED)
sock.connect(('localhost', 443))
for i in range(100000):
    x=sock._sslobj.peer_certificate()

Before this change, Python's memory usage would continually increase to about 45MB at the end of the loop. After this change, the memory usage stays constant at around 6MB.

----------
components: Library (Lib)
messages: 148154
nosy: nneonneo
priority: normal
severity: normal
status: open
title: _ssl memory leak in _get_peer_alt_names
type: resource usage
versions: Python 3.2

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13458>
_______________________________________

