[xmlsec] Memory leak ( Verify Signature using Invalid Transform type)
Aleksey Sanin
aleksey at aleksey.com
Tue Sep 10 12:29:10 PDT 2013
Well, first you have the source code :) Second, I hope Daniel might
shed some light on the subject.
Aleksey
On 9/10/13 12:26 PM, Alexwell Sandro wrote:
> Ok,
>
> I'm using Windows 7 64bit
> Visual Studio 2010
>
> *xmlsec1-1.2.19* linking with ( libiconv-1.9.2, *libxml2-2.9.1* and
> libxslt-1.1.28 ) compiled by myself.
>
> The
> *ret = xmlOutputBufferClose(buf);*
>
> seems not clean the buffer, when using ("invalid" transform), with
> return (-1).
>
> What do you recommend?
>
>
>
> On Tue, Sep 10, 2013 at 4:08 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
> Just to follow up... I've tried to reproduce the issue with the current
> git versions of both XMLSec and LibXML2 but I don't see the memory
> leak. Looking at the code, the only possible scenario to have this leak
> is a missing "close" callback from LibXML2 IO system. It might be either
> version specific (i.e. bug in the old LibXML2) or it might be Windows
> specific (I run tests on Linux + valgrind). I've looked at the current
> LibXML2 code and I don't see any issues there. I wonder if Daniel can
> remember any fixes in this area in the latest releases.
>
> Best,
>
> Aleksey
>
> On 8/30/13 4:10 PM, Alexwell Sandro wrote:
> > I am using xmlsec1-1.2.19
> >
> > Documents attached:
> >
> > *signature_enveloping_edited_invalid_transform.xml*
> > Contains Xml Signature enveloping of binary file edited.
> > (Added Invalid Transform to binary: *<ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>* )
> >
> > *log_from_stderr.txt*
> > Contains prints from XmlSec library (eg.:
> > func=xmlSecParserPushBin:file=..\(...) )
> >
> > *log_from_memory_leak_detector.txt*
> > Contains memory leak trace.
> >
> >
> >
> > On Fri, Aug 30, 2013 at 7:06 PM, Aleksey Sanin
> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> > <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
> >
> > Any chance you can send the complete XML file that demonstrates
> > the problem? Or the exact print-out from the memory leak?
> >
> > Thanks in advance,
> >
> > Aleksey
> >
> > On 8/30/13 11:30 AM, Alexwell Sandro wrote:
> > > I create enveloping signature of binary file:
> > >
> > > ...
> > > <ds:Reference Id="myId" URI="#*ObjectId*">
> > > <ds:Transforms>
> > > <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
> > > </ds:Transforms>
> > > ...
> > > <ds:Object Id="*ObjectId*">ghimBgkq</ds:Object>
> > > ...
> > >
> > > *I edited the file placing a transform (invalid to binary):*
> > >
> > > ...
> > > <ds:Reference Id="myId" URI="#*ObjectId*">
> > > <ds:Transforms>
> > > <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
> > > *<ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>*
> > > </ds:Transforms>
> > > ...
> > > <ds:Object Id="*ObjectId*">ghimBgkq</ds:Object>
> > > ...
> > >
> > > When verify occurs memory leak.
> > >
> > > Is related to (at *transforms.c* line 2807)
> > > *buffer =
> > >
> >
> (xmlSecTransformIOBufferPtr)xmlMalloc(sizeof(xmlSecTransformIOBuffer));*
> > >
> > > (at *c14n.c* line 277).
> > >
> > > ...
> > > *ret = xmlOutputBufferClose(buf);*
> > > ...
> > > ret contains the value (-1)
> > >
> > > Is memory leak, or some error in my build?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > xmlsec mailing list
> > > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
> > > http://www.aleksey.com/mailman/listinfo/xmlsec
> > >
> >
> >
>
>
More information about the xmlsec
mailing list