[glib-networking/gtlsconnection-certificate_leak: 2/2] GTlsConnection: fix leak of the certificate chain

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking/gtlsconnection-certificate_leak: 2/2] GTlsConnection: fix leak of the certificate chain
Date: Sat, 7 Sep 2019 15:17:36 +0000 (UTC)

commit 87cfac4cc2026ea5ee2e4b148f7d50c2fc1aacf2
Author: Claudio Saavedra <csaavedra igalia com>
Date:   Wed Sep 4 15:17:25 2019 +0300

    GTlsConnection: fix leak of the certificate chain
    
    g_set_object() increases the reference count on the setting object, but
    retrieve_peer_certificate() does a full transfer of the returned
    certificate already, hence there's an extra reference that is
    never decreased.
    
    Valgrind output:
    
    ==30427== 52,009 (72 direct, 51,937 indirect) bytes in 1 blocks are definitely lost in loss record 2,881 
of 2,894
    ==30427==    at 0x483577F: malloc (vg_replace_malloc.c:309)
    ==30427==    by 0x49581F5: g_malloc (gmem.c:99)
    ==30427==    by 0x497344F: g_slice_alloc (gslice.c:1024)
    ==30427==    by 0x497348E: g_slice_alloc0 (gslice.c:1050)
    ==30427==    by 0x4A6AB69: g_type_create_instance (gtype.c:1849)
    ==30427==    by 0x4A50A85: g_object_new_internal (gobject.c:1827)
    ==30427==    by 0x4A51928: g_object_new_valist (gobject.c:2152)
    ==30427==    by 0x4A50686: g_object_new (gobject.c:1670)
    ==30427==    by 0x84FEBEB: g_tls_certificate_gnutls_new (gtlscertificate-gnutls.c:393)
    ==30427==    by 0x84FF777: g_tls_certificate_gnutls_build_chain (gtlscertificate-gnutls.c:719)
    ==30427==    by 0x85028B8: g_tls_connection_gnutls_retrieve_peer_certificate (gtlsconnection-gnutls.c:811)
    ==30427==    by 0x8508C93: update_peer_certificate_and_compute_errors (gtlsconnection-base.c:1237)
    ==30427==    by 0x8508D9F: accept_or_reject_peer_certificate (gtlsconnection-base.c:1260)
    ==30427==    by 0x495224C: g_idle_dispatch (gmain.c:5617)
    ==30427==    by 0x494F6F2: g_main_dispatch (gmain.c:3179)
    ==30427==    by 0x495055A: g_main_context_dispatch (gmain.c:3844)

 tls/base/gtlsconnection-base.c | 1 +
 1 file changed, 1 insertion(+)
---
diff --git a/tls/base/gtlsconnection-base.c b/tls/base/gtlsconnection-base.c
index 2ff9160..76efab1 100644
--- a/tls/base/gtlsconnection-base.c
+++ b/tls/base/gtlsconnection-base.c
@@ -1240,6 +1240,7 @@ update_peer_certificate_and_compute_errors (GTlsConnectionBase *tls)
     peer_certificate_errors = verify_peer_certificate (tls, peer_certificate);
 
   g_set_object (&priv->peer_certificate, peer_certificate);
+  g_clear_object (&peer_certificate);
 
   priv->peer_certificate_errors = peer_certificate_errors;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]