[xmlsec] Memory leak (Verify Signature using Invalid Transform type)

Aleksey Sanin aleksey at aleksey.com
Tue Sep 10 12:08:52 PDT 2013


Just to follow up... I've tried to reproduce the issue with the current
git versions of both XMLSec and LibXML2 but I don't see the memory
leak. Looking at the code, the only possible scenario to have this leak
is a missing "close" callback from LibXML2 IO system. It might be either
version specific (i.e. bug in the old LibXML2) or it might be Windows
specific (I run tests on Linux + valgrind). I've looked at the current
LibXML2 code and I don't see any issues there. I wonder if Daniel can
remember any fixes in this area in the latest releases.

Best,

Aleksey

On 8/30/13 4:10 PM, Alexwell Sandro wrote:
> I am using xmlsec1-1.2.19
> 
> Documents attached:
> 
> *signature_enveloping_edited_invalid_transform.xml*
> Contains Xml Signature enveloping of binary file edited. 
> (Added Invalid Transform to binary:  *<ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>* )
> 
> *log_from_stderr.txt*
> Contains prints from XmlSec library (eg.:
> func=xmlSecParserPushBin:file=..\(...) )
> 
> *log_from_memory_leak_detector.txt*
> Contains memory leak trace.
> 
> 
> 
> On Fri, Aug 30, 2013 at 7:06 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> 
>     Any chance you can send the complete XML file that demonstrates
>     the problem? Or the exact print-out from the memory leak?
> 
>     Thanks in advance,
> 
>     Aleksey
> 
>     On 8/30/13 11:30 AM, Alexwell Sandro wrote:
>     > I create enveloping signature of binary file:
>     >
>     > ...
>     > <ds:Reference Id="myId" URI="#*ObjectId*">
>     > <ds:Transforms>
>     > <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
>     > </ds:Transforms>
>     > ...
>     > <ds:Object Id="*ObjectId*">ghimBgkq</ds:Object>
>     > ...
>     >
>     > *I edited the file placing a transform (invalid to binary):*
>     >
>     > ...
>     > <ds:Reference Id="myId" URI="#*ObjectId*">
>     > <ds:Transforms>
>     > <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
>     > *<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>*
>     > </ds:Transforms>
>     > ...
>     > <ds:Object Id="*ObjectId*">ghimBgkq</ds:Object>
>     > ...
>     >
>     > When verifying, a memory leak occurs.
>     >
>     > Is related to (at *transforms.c* line 2807)
>     > *buffer = (xmlSecTransformIOBufferPtr)xmlMalloc(sizeof(xmlSecTransformIOBuffer));*
>     >
>     > (at *c14n.c* line 277).
>     >
>     > ...
>     > *ret = xmlOutputBufferClose(buf);*
>     > ...
>     > ret contains the value (-1)
>     >
>     > Is this a memory leak, or some error in my build?
> 
> 
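
A minimal model of the scenario Aleksey describes, added here as an illustration and not part of the thread or of XMLSec/LibXML2: an I/O context that is freed only by the buffer's close callback leaks when the close path skips that callback after a failed write, even though close correctly returns -1. All types and functions (`out_buf`, `out_close_leaky`, `out_close_safe`, `leaked_after`) are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model (not libxml2/xmlsec code): the close callback owns the I/O context. */
typedef int (*write_cb)(void *ctx, const char *data, int len);
typedef int (*close_cb)(void *ctx);
typedef struct { write_cb wr; close_cb cl; void *ctx; const char *pend; } out_buf;

static int live_ctx = 0;  /* contexts allocated but not yet freed */
static void *ctx_new(void) { live_ctx++; return calloc(1, 16); }
static int ctx_close(void *ctx) { free(ctx); live_ctx--; return 0; }
/* Stands in for a downstream transform that rejects its input. */
static int failing_write(void *c, const char *d, int n) { (void)c; (void)d; (void)n; return -1; }

static out_buf *out_create(write_cb wr, close_cb cl, void *ctx, const char *pend) {
    out_buf *b = calloc(1, sizeof(*b));
    if (b != NULL) { b->wr = wr; b->cl = cl; b->ctx = ctx; b->pend = pend; }
    return b;
}

/* Leaky close: bails out when the final flush fails, so the close callback never runs. */
static int out_close_leaky(out_buf *b) {
    if (b->wr(b->ctx, b->pend, (int)strlen(b->pend)) < 0) { free(b); return -1; }
    int rc = b->cl(b->ctx);
    free(b);
    return rc;
}

/* Safe close: still reports the flush error, but always hands the context back. */
static int out_close_safe(out_buf *b) {
    int rc = (b->wr(b->ctx, b->pend, (int)strlen(b->pend)) < 0) ? -1 : 0;
    if (b->cl(b->ctx) < 0) rc = -1;
    free(b);
    return rc;
}

/* Closes one failing buffer with `closer`; returns the number of contexts still live. */
static int leaked_after(int (*closer)(out_buf *), int *rc) {
    live_ctx = 0;
    out_buf *b = out_create(failing_write, ctx_close, ctx_new(), "ghimBgkq"); /* payload from the thread */
    if (b == NULL) return -1;
    *rc = closer(b);
    return live_ctx;
}

int main(void) {
    int rc, leaky = leaked_after(out_close_leaky, &rc), safe = leaked_after(out_close_safe, &rc);
    printf("leaky close: %d live, safe close: %d live\n", leaky, safe);
    return 0;
}
```

Both variants return -1 to the caller, so the return value alone cannot distinguish them; only an allocation count (or a tool such as valgrind) shows the difference.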

