From c-dev-return-21732-apmail-axis-c-dev-archive=axis.apache.org@axis.apache.org Mon Jun 28 15:03:28 2010 Return-Path: Delivered-To: apmail-axis-c-dev-archive@www.apache.org Received: (qmail 8270 invoked from network); 28 Jun 2010 15:03:28 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 28 Jun 2010 15:03:28 -0000 Received: (qmail 48941 invoked by uid 500); 28 Jun 2010 15:03:28 -0000 Delivered-To: apmail-axis-c-dev-archive@axis.apache.org Received: (qmail 48881 invoked by uid 500); 28 Jun 2010 15:03:27 -0000 Mailing-List: contact c-dev-help@axis.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache AXIS C Developers List" Delivered-To: mailing list c-dev@axis.apache.org Received: (qmail 48873 invoked by uid 99); 28 Jun 2010 15:03:27 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jun 2010 15:03:27 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED,T_FRT_SLUT X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Jun 2010 15:03:24 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o5SF32M4018944 for ; Mon, 28 Jun 2010 15:03:02 GMT Message-ID: <14528281.92961277737382587.JavaMail.jira@thor> Date: Mon, 28 Jun 2010 11:03:02 -0400 (EDT) From: "Steve Leland (JIRA)" To: c-dev@axis.apache.org Subject: [jira] Issue Comment Edited: (AXIS2C-1237) SSL related memory leak MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/AXIS2C-1237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12883168#action_12883168 ] Steve Leland edited comment on AXIS2C-1237 at 6/28/10 11:01 AM: ---------------------------------------------------------------- Hi, I am running on Windows Server 2008 R2, using a build I made Saturday (svn 957643) which staticly links in Openssl 0.9.8o, and find it to have the same problems as the 1.6.0 release in not being able to properly terminate its ssl processing - which leads to the stack reported in this bug report. The problem starts in http_sender.c axis2_http_sender_process_response(), where the ssl stream is added to a property which uses axutil_stream_free_void_arg as the free_func. For ssl streams it should be axis2_ssl_stream_free(). The next issue is that the socket is closed prematurely by Axis2c code in http_client.c axis2_http_client_free(). Openssl's SSL_shutdown() and SSL_Free() should be allowed to do that when their internal reference counts indicate it's time. The final issue issue is that the SSL structure is never freed in ssl_utils.c axis2_ssl_utils_cleanup_ssl with a call to SSL_free(). Diffs: Index: src/core/transport/http/sender/http_client.c =================================================================== --- src/core/transport/http/sender/http_client.c (revision 958144) +++ src/core/transport/http/sender/http_client.c (working copy) @@ -120,7 +120,15 @@ } if(-1 != http_client->sockfd) { +#ifdef AXIS2_SSL_ENABLED + if (http_client->data_stream->stream_type == AXIS2_STREAM_SOCKET) + axutil_network_handler_close_socket(env, http_client->sockfd); +// else // ssl streams are AXIS2_STREAM_BASIC +// will be handled in SSL_shutdown() +#else axutil_network_handler_close_socket(env, http_client->sockfd); +#endif + http_client->sockfd = -1; } Index: src/core/transport/http/sender/http_sender.c =================================================================== --- src/core/transport/http/sender/http_sender.c (revision 958144) +++ src/core/transport/http/sender/http_sender.c (working copy) @@ -43,6 +43,13 @@ #define CLIENT_NONCE_LENGTH 8 #endif +// expose private function is sender\ssl\ssl_stream. +#ifdef AXIS2_SSL_ENABLED +void AXIS2_CALL axis2_ssl_stream_free( + axutil_stream_t * stream, + const axutil_env_t * env); +#endif + struct axis2_http_sender { axis2_char_t *http_version; @@ -1594,7 +1601,16 @@ response, env)); property = axutil_property_create(env); axutil_property_set_scope(property, env, AXIS2_SCOPE_REQUEST); - axutil_property_set_free_func(property, env, axutil_stream_free_void_arg); +// fix ssl memory leak +#ifdef AXIS2_SSL_ENABLED + if (in_stream->stream_type == AXIS2_STREAM_SOCKET) + axutil_property_set_free_func (property, env, axutil_stream_free_void_arg); + else // ssl streams are AXIS2_STREAM_BASIC + axutil_property_set_free_func (property, env, axis2_ssl_stream_free); +#else + axutil_property_set_free_func (property, env, axutil_stream_free_void_arg); +#endif + axutil_property_set_value(property, env, in_stream); axis2_msg_ctx_set_property(msg_ctx, env, AXIS2_TRANSPORT_IN, property); AXIS2_LOG_TRACE(env->log, AXIS2_LOG_SI, "Exit:axis2_http_sender_process_response"); Index: src/core/transport/http/sender/ssl/ssl_utils.c =================================================================== --- src/core/transport/http/sender/ssl/ssl_utils.c (revision 958144) +++ src/core/transport/http/sender/ssl/ssl_utils.c (working copy) @@ -214,7 +214,10 @@ if (ssl) { - SSL_shutdown(ssl); + if (SSL_shutdown(ssl) == 0) + { + SSL_free(ssl); + } } if (ctx) { Regards, Steve was (Author: stevel): Hi, I am running on Windows Server 2008 R2, using a build I made Saturday (svn 957643) which staticly links in Openssl 0.9.8o, and find it to have the same problems as the 1.6.0 release in not being able to properly terminate its ssl processing. The problem starts in http_sender.c axis2_http_sender_process_response(), where the ssl stream is added to a property which uses axutil_stream_free_void_arg as the free_func. For ssl streams it should be axis2_ssl_stream_free(). The next issue is that the socket is closed prematurely by Axis2c code in http_client.c axis2_http_client_free(). Openssl's SSL_shutdown() and SSL_Free() should be allowed to do that when their internal reference counts indicate it's time. The final issue issue is that the SSL structure is never freed in ssl_utils.c axis2_ssl_utils_cleanup_ssl with a call to SSL_free(). Diffs: Index: src/core/transport/http/sender/http_client.c =================================================================== --- src/core/transport/http/sender/http_client.c (revision 958144) +++ src/core/transport/http/sender/http_client.c (working copy) @@ -120,7 +120,15 @@ } if(-1 != http_client->sockfd) { +#ifdef AXIS2_SSL_ENABLED + if (http_client->data_stream->stream_type == AXIS2_STREAM_SOCKET) + axutil_network_handler_close_socket(env, http_client->sockfd); +// else // ssl streams are AXIS2_STREAM_BASIC +// will be handled in SSL_shutdown() +#else axutil_network_handler_close_socket(env, http_client->sockfd); +#endif + http_client->sockfd = -1; } Index: src/core/transport/http/sender/http_sender.c =================================================================== --- src/core/transport/http/sender/http_sender.c (revision 958144) +++ src/core/transport/http/sender/http_sender.c (working copy) @@ -43,6 +43,13 @@ #define CLIENT_NONCE_LENGTH 8 #endif +// expose private function is sender\ssl\ssl_stream. +#ifdef AXIS2_SSL_ENABLED +void AXIS2_CALL axis2_ssl_stream_free( + axutil_stream_t * stream, + const axutil_env_t * env); +#endif + struct axis2_http_sender { axis2_char_t *http_version; @@ -1594,7 +1601,16 @@ response, env)); property = axutil_property_create(env); axutil_property_set_scope(property, env, AXIS2_SCOPE_REQUEST); - axutil_property_set_free_func(property, env, axutil_stream_free_void_arg); +// fix ssl memory leak +#ifdef AXIS2_SSL_ENABLED + if (in_stream->stream_type == AXIS2_STREAM_SOCKET) + axutil_property_set_free_func (property, env, axutil_stream_free_void_arg); + else // ssl streams are AXIS2_STREAM_BASIC + axutil_property_set_free_func (property, env, axis2_ssl_stream_free); +#else + axutil_property_set_free_func (property, env, axutil_stream_free_void_arg); +#endif + axutil_property_set_value(property, env, in_stream); axis2_msg_ctx_set_property(msg_ctx, env, AXIS2_TRANSPORT_IN, property); AXIS2_LOG_TRACE(env->log, AXIS2_LOG_SI, "Exit:axis2_http_sender_process_response"); Index: src/core/transport/http/sender/ssl/ssl_utils.c =================================================================== --- src/core/transport/http/sender/ssl/ssl_utils.c (revision 958144) +++ src/core/transport/http/sender/ssl/ssl_utils.c (working copy) @@ -214,7 +214,10 @@ if (ssl) { - SSL_shutdown(ssl); + if (SSL_shutdown(ssl) == 0) + { + SSL_free(ssl); + } } if (ctx) { Regards, Steve > SSL related memory leak > ----------------------- > > Key: AXIS2C-1237 > URL: https://issues.apache.org/jira/browse/AXIS2C-1237 > Project: Axis2-C > Issue Type: Bug > Components: transport/http > Affects Versions: 1.4.0 > Environment: Fedora 9 (i386), openssl-0.9.8g-9.fc9 > Reporter: Rafal Metkowski > Assignee: S.Uthaiyashankar > Fix For: 1.7.0 > > > I've written small client using Axis2C and I've noticed memory leaks > when connecting to service with https. > I've checked with the valgrind and got following results: > valgrind --leak-check=full > ==8057== 58,000 (292 direct, 57,708 indirect) bytes in 1 blocks are > definitely lost in loss record 9 of 9 > ==8057== at 0x4006AEE: malloc (vg_replace_malloc.c:207) > ==8057== by 0x7B4E4CD: (within /lib/libcrypto.so.0.9.8g) > ==8057== by 0x7B4EB4E: CRYPTO_malloc (in /lib/libcrypto.so.0.9.8g) > ==8057== by 0x34C529: SSL_new (in /lib/libssl.so.0.9.8g) > ==8057== by 0x40EB9C2: axis2_ssl_utils_initialize_ssl (ssl_utils.c:133) > ==8057== by 0x40EB7E6: axutil_stream_create_ssl (ssl_stream.c:104) > ==8057== by 0x40EABB1: axis2_http_client_send (http_client.c:216) > ==8057== by 0x40E8A9D: axis2_http_sender_send (http_sender.c:1064) > ==8057== by 0x40E32B4: axis2_http_transport_sender_write_message > (http_transport_sender.c:771) > ==8057== by 0x40E3AC3: axis2_http_transport_sender_invoke > (http_transport_sender.c:306) > ==8057== by 0x407DF6A: axis2_engine_send (engine.c:176) > ==8057== by 0x40A5BAB: axis2_op_client_two_way_send (op_client.c:1157) > ....... > ==8057== LEAK SUMMARY: > ==8057== definitely lost: 332 bytes in 4 blocks. > ==8057== indirectly lost: 57,900 bytes in 596 blocks. > ==8057== possibly lost: 0 bytes in 0 blocks. > ==8057== still reachable: 28,292 bytes in 1,887 blocks. > ==8057== suppressed: 0 bytes in 0 blocks. > As I expected when I changed https to plain http the problem disapeared: > ==9065== LEAK SUMMARY: > ==9065== definitely lost: 40 bytes in 3 blocks. > ==9065== indirectly lost: 192 bytes in 6 blocks. > ==9065== possibly lost: 0 bytes in 0 blocks. > ==9065== still reachable: 300 bytes in 3 blocks. > ==9065== suppressed: 0 bytes in 0 blocks. > I looked at the code and it seems axis2_ssl_utils_cleanup_ssl function isn't called in case of successful connection. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online. --------------------------------------------------------------------- To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org For additional commands, e-mail: c-dev-help@axis.apache.org