This is a discussion on Re: possible memory leak in zlib compression - Openssl ; Hi All, From my reading of the bugtraq info, the problem is in the zlib_stateful_init() function in Openssl versions 0.9.8f through 0.9.8h which can be exploited via any application utilizing openssl, including Apache. Here is a reference from the OpenSSL ...
Hi All,
From my reading of the bugtraq info, the problem is in the
zlib_stateful_init() function in Openssl versions 0.9.8f through 0.9.8h
which can be exploited via any application utilizing openssl, including
Apache.
Here is a reference from the OpenSSL Project:
http://marc.info/?l=openssl-dev&m=121060672602371&w=2
and the change introducing the bug: http://cvs.openssl.org/chngview?cn=15897
Please tell this bug is in openssl or Apache .
Please Help.Its is urgent need.
Thanks
Joshi Chandran
Dustin Kirkland-2 wrote:
>
> I'm trying to solve a reproducible memory leak that manifests itself
> with SSL + Apache2:
> https://bugs.launchpad.net/ubuntu/+s...e2/+bug/224945
>
> Valgrind, plus our own research, points to a possible memory leak in
> crypto/comp/c_zlib.c in libssl0.9.8g.
>
> We see:
> struct zlib_state *state = -> (struct zlib_state
> *)OPENSSL_malloc(sizeof(struct zlib_state));
> allocating the data.
>
> However, it does not seem that a zlib_stateful_free_ex_data() is called
> to free it.
>
>
> Thanks,
> :-Dustin
>
> Dustin Kirkland
> Ubuntu Server Developer
> Canonical, LTD
> GPG: 1024D/83A61194
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majordomo@openssl.org
>
>
--
View this message in context: http://www.nabble.com/possible-memor...p20280458.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
