Hello,

I have been developing a Win32 application that makes TCP connections.
When the application ends, I use to dump all non-deallocated memory
blocks, in order to avoid possible memory leaks. The question is that if
I use openssl, there are a couple of memory blocks that are not freed.
These blocks are allocated in SSL_library_init.

I have reproduced the error with the following code (I may have become a
little bit paranoid with the cleanup procedure and maybe some calls are
duplicates of previous calls):

SSL_library_init ();
ERR_remove_state(0);
EVP_cleanup ();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ENGINE_cleanup();
CONF_modules_unload (1);
CONF_modules_free();

After this code, making a call to _CrtDumpMemoryLeaks, I obtain:

Detected memory leaks!
Dumping objects ->
{140} normal block at 0x003A69E8, 16 bytes long.
Data: < > 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
{139} normal block at 0x003A6900, 20 bytes long.
Data: < i: > 00 00 00 00 E8 69 3A 00 00 00 00 00 04 00 00 00
Object dump complete.

If I set the debugger to interrupt the memory allocation 139, it happens
in SSL_library_init. I finally identified that those blocks where a list
that contains the allowed compression methods. If I add a line to
explicitly free that list:

SSL_library_init ();
ERR_remove_state(0);
EVP_cleanup ();
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ENGINE_cleanup();
CONF_modules_unload (1);
CONF_modules_free();
sk_SSL_COMP_free (SSL_COMP_get_compression_methods());

The debugger reports no memory leaks.

This being said, I understand that maybe it's my fault, in that maybe I
call the cleanup methods in the wrong order, or maybe I'm missing some
cleanup call that I didn't find. Besides, it's not a serious error, as
repeating that process (initialization and cleanup) several times shows
that no additional memory blocks are allocated, so this is not a real
memory leak (doesn't look like an application will run out of memory
because of this), but I guess it would be nice if it could be corrected
(maybe including the sk_SSL_COMP_free in some of the cleanup methods?).
Or maybe it's just a documentation problem, and the correct cleanup
procedure should appear somewhere...

I tried to search the archives for this one, but haven't found it, and
was in doubt if I should report it here or in the users mailing list.
I'm sorry if this is not the correct way to report it, is a duplicate or
there's a problem with my code.

Best regards,

Ion Larraņaga
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org