[xmlsec] memory leak in xmlSecReplaceContent

Thu Jun 17 07:37:35 PDT 2004

Hi,
  I found a memory leak in the xmlSecReplaceContent function.

I run a modified version of the encrypt3 example from the
http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.5.tar.gz
source distribution. The only modification is I changed
the encryption type from 'xmlSecTypeEncElement' to
'xmlSecTypeEncContent' (see attachment).
Command line was:

    ./encrypt3 encrypt3-doc.xml rsakey.pem > encrypt3-res.xml

The memory leak is:

60 bytes in 1 blocks are definitely lost in loss record 3 of 4
    at 0x3C01E308: malloc (vg_replace_malloc.c:105)
    by 0x3C19070E: xmlNewNode (tree.c:2130)
    by 0x3C1908A4: xmlNewDocNode (tree.c:2210)
    by 0x3C137096: xmlSecReplaceContent (../../src/xmltree.c:469)
    by 0x3C134A58: xmlSecEncCtxXmlEncrypt (../../src/xmlenc.c:465)
    by 0x804971E: encrypt_file (encrypt3.c:293)
    by 0x804920E: main (encrypt3.c:108)

the 'dummy' node created in xmlSecReplaceContent (../../src/xmltree.c:469):

     dummy = xmlNewDocNode(newNode->doc, NULL, BAD_CAST "dummy", NULL);

is not freed.

I'm not familiar with the implementation of the function, but it seems that

     xmlFreeNode(dummy);

before the return from the function may help.

BTW: walking thru xmlSec sources a missing test for
non-NULL-ness of encCtx->type came out at line 464.

best regards,
  Tomas

-------------- next part --------------

--- encrypt3.c	Mon Jan 12 22:06:13 2004
+++ encrypt3.c.new	Thu Jun 17 16:05:49 2004
@@ -228,7 +228,7 @@
     /* create encryption template to encrypt XML file and replace 
      * its content with encryption result */
     encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
-				NULL, xmlSecTypeEncElement, NULL, NULL);
+				NULL, xmlSecTypeEncContent, NULL, NULL);
     if(encDataNode == NULL) {
 	fprintf(stderr, "Error: failed to create encryption template\n");
 	goto done;   
