Nmap Development mailing list archives

Re: [nmap-svn] r19513 - nmap-exp/luis/nping-echo


From: David Fifield <david () bamsoftware com>
Date: Mon, 9 Aug 2010 08:05:04 -0600

On Fri, Aug 06, 2010 at 08:32:44AM -0700, commit-mailer () insecure org wrote:
Author: luis
Date: Fri Aug  6 08:32:44 2010
New Revision: 19513

Log:
Added the ability to clean up OpenSSL context structures when they are no longer needed.

Modified:
   nmap-exp/luis/nping-echo/Crypto.cc

Modified: nmap-exp/luis/nping-echo/Crypto.cc
==============================================================================
--- nmap-exp/luis/nping-echo/Crypto.cc        (original)
+++ nmap-exp/luis/nping-echo/Crypto.cc        Fri Aug  6 08:32:44 2010
@@ -201,9 +202,25 @@
              * However I've tested this for hours and everything works fine. The
              * full buffer is decrypted correctly, from the first to the last byte,
              * so we return OP_SUCCESS even if OpenSSL says the opossite. */
-            //return OP_FAILURE;
+
+            /* NOTE for developers debugging memory issues with Valgrind:
+             * None of these seems to free OpenSSL's internal error structures.
+             * Valgrind currently reports things like:
+             ==12849== 592 bytes in 1 blocks are still reachable in loss record 7 of 9
+            ==12849==    at 0x4C284A8: malloc (vg_replace_malloc.c:236)
+            ==12849==    by 0x531BF21: CRYPTO_malloc (in /lib/libcrypto.so.0.9.8)
+            ==12849==    by 0x537F25D: ERR_get_state (in /lib/libcrypto.so.0.9.8)
+            ==12849==    by 0x537E7BE: ERR_put_error (in /lib/libcrypto.so.0.9.8)
+            ==12849==    by 0x5381EB0: EVP_DecryptFinal_ex (in /lib/libcrypto.so.0.9.8)
+            ==12849==    by 0x429A49: Crypto::aes128_cbc_decrypt(unsigned char*...
+            ==12849==    by 0x41ABBA: EchoHeader::decrypt(unsigned char*, unsign...
+             */

When Brandon and I were debugging some memory problem, we couldn't get
OpenSSL to completely deallocate all its memory. You can define a
"suppressions file" that will make Valgrind not report known errors that
you can't get rid of. I used to have one for Nmap with OpenSSL, but I've
lost it.

I found it easier to recompile OpenSSL with -DPURIFY. That got rid of
all the Valgrind errors and I haven't had a problem since.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
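
The suppressions-file approach mentioned in the reply, as an added example that is not part of the original message or of the Nmap project's code. The frames are copied from the Valgrind trace quoted above; the file name, suppression name and function names are hypothetical, and the `match-leak-kinds` line assumes Valgrind 3.9 or later.

```shell
#!/bin/sh
# Added example: hide only the known OpenSSL error-state report, nothing else.
SUPP_FILE="${SUPP_FILE:-openssl-err-state.supp}"   # hypothetical file name

# Write a suppression that matches the exact allocation path from the trace.
write_suppressions() {
    cat > "$SUPP_FILE" <<'EOF'
# Block allocated by ERR_get_state() when EVP_DecryptFinal_ex() records an
# error. Restricted to "reachable" so definite leaks are still reported.
# On Valgrind older than 3.9, delete the match-leak-kinds line.
{
   openssl_err_state_from_decryptfinal
   Memcheck:Leak
   match-leak-kinds: reachable
   fun:malloc
   fun:CRYPTO_malloc
   fun:ERR_get_state
   fun:ERR_put_error
   fun:EVP_DecryptFinal_ex
}
EOF
}

# Usage: run_memcheck ./program [args...]
# Runs the program under Memcheck with the suppression applied and a
# non-zero exit status if any unsuppressed error remains.
run_memcheck() {
    write_suppressions || return 1
    valgrind --leak-check=full --show-reachable=yes \
             --suppressions="$SUPP_FILE" --error-exitcode=1 "$@"
}
```

Listing the frames down to `EVP_DecryptFinal_ex` keeps the suppression narrow, so a new allocation that reaches `ERR_get_state` by another path still shows up in the report.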

