#467 memory leak when using SSL

[Nikolay Stanchenko]

We developed some SOAP client and there are memory leaks
when using SSL. When switching SSL off (without recompiling source - only changing service URL) there is
no memory leak.

[Nikolay Stanchenko]

Logged In: YES
user_id=2013483
Originator: YES

File Added: ssl_mem_debug.log

[Nikolay Stanchenko]

This is a OpenSSL memory debug file

[Nikolay Stanchenko]

Logged In: YES
user_id=2013483
Originator: YES

I think some problem in allocation information about SSL connection (RSA keys, X509 certificates etc).
This memory debug file was produced when compiling OPENSSL with option CRYPTO_MDEBUG.
If we look into file we can find that there are four X509 structures and four are leaked in memory.
This file was produced in single SSL_connect() session, i.e one call of SOAP method, after making call we do
soap_done();

Printing memdebug of openssl I've incorporated into your code:

soap_done(struct soap *soap)
{
....
if (soap->ctx)
{ SSL_CTX_free(soap->ctx);
soap->ctx = NULL;
}

FILE *fp_mem = fopen("ssl_mem_debug.log","w+t");
CRYPTO_mem_leaks_fp(fp_mem);
if (fp_mem != NULL) fclose(fp_mem);

....
}

Operation system is Windows XP SP2

[Nikolay Stanchenko]

Logged In: YES
user_id=2013483
Originator: YES

Version of gSOAP is 2.7.10 - last

[Robert van Engelen]

Logged In: YES
user_id=354274
Originator: NO

The log is not very helpful. Also, there are no leaks reported for the Unix/Linux gSOAP engines that run with OpenSSL. Maybe there is an extra OpenSSL-specific call needed for Windows?

Normally the soap->ssl and error states are deleted when a disconnect occurs. To force this in soap_done() as well, use this code in soap_done():

#ifdef WITH_OPENSSL
ERR_remove_state(0);
if (soap->ssl)
{ SSL_free(soap->ssl);
soap->ssl = NULL;
}
if (soap->ctx)
{ SSL_CTX_free(soap->ctx);
soap->ctx = NULL;
}
#endif