Nmap Development mailing list archives
Re: [nmap-svn] r19513 - nmap-exp/luis/nping-echo
From: David Fifield <david () bamsoftware com>
Date: Mon, 9 Aug 2010 08:05:04 -0600
On Fri, Aug 06, 2010 at 08:32:44AM -0700, commit-mailer () insecure org wrote:
Author: luis Date: Fri Aug 6 08:32:44 2010 New Revision: 19513 Log: Added the ability to cleanup OpenSSL context structures when they are no longer needed. Modified: nmap-exp/luis/nping-echo/Crypto.cc Modified: nmap-exp/luis/nping-echo/Crypto.cc ============================================================================== --- nmap-exp/luis/nping-echo/Crypto.cc (original) +++ nmap-exp/luis/nping-echo/Crypto.cc Fri Aug 6 08:32:44 2010 @@ -201,9 +202,25 @@ * However I've tested this for hours and everything works fine. The * full buffer is decrypted correctly, from the first to the last byte, * so we return OP_SUCCESS even if OpenSSL says the opossite. */ - //return OP_FAILURE; + + /* NOTE for developers debugging memory issues with Valgrind: + * None of these seems to free OpenSSL's internal error structures. + * Valgrind currently reports things like: + ==12849== 592 bytes in 1 blocks are still reachable in loss record 7 of 9 + ==12849== at 0x4C284A8: malloc (vg_replace_malloc.c:236) + ==12849== by 0x531BF21: CRYPTO_malloc (in /lib/libcrypto.so.0.9.8) + ==12849== by 0x537F25D: ERR_get_state (in /lib/libcrypto.so.0.9.8) + ==12849== by 0x537E7BE: ERR_put_error (in /lib/libcrypto.so.0.9.8) + ==12849== by 0x5381EB0: EVP_DecryptFinal_ex (in /lib/libcrypto.so.0.9.8) + ==12849== by 0x429A49: Crypto::aes128_cbc_decrypt(unsigned char*... + ==12849== by 0x41ABBA: EchoHeader::decrypt(unsigned char*, unsign... + */
When Brandon and I were debugging some memory problem, we couldn't get OpenSSL to completely deallocate all it memory. You can define a "suppressions file" that will make Valgrind not report known errors that you can't get rid of. I used to have one for Nmap with OpenSSL, but I've lost it. I found it easier to recompile OpenSSL with -DPURIFY. That got rid of all the Valgrind errors and I haven't had a problem since. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r19513 - nmap-exp/luis/nping-echo David Fifield (Aug 09)
- Re: [nmap-svn] r19513 - nmap-exp/luis/nping-echo Luis MartinGarcia. (Aug 09)