5

I am trying a very simple implementation of libssh but valgrind shows memory leak.

The code is:

#include <libssh/libssh.h>
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
int main()
{
        ssh_session my_ssh_session = ssh_new();
        int port = 22;
        int rc, state;
        const char *ip = "192.168.125.241";
        char *password;
        if (my_ssh_session == NULL)
                exit(-1);
        ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, ip);
        ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
        rc = ssh_connect(my_ssh_session);
        if (rc != SSH_OK)
        {
                fprintf(stderr, "Error connecting to localhost: %s\n",
                ssh_get_error(my_ssh_session));
                exit(-1);
        }

        state = ssh_is_server_known(my_ssh_session);
        if(state == SSH_SERVER_KNOWN_OK)
                printf("already added\n");
        else
                printf("require addition\n");

        rc = ssh_userauth_password(my_ssh_session, "rohit", "password");
        if (rc != SSH_AUTH_SUCCESS)
        {
                fprintf(stderr, "Error authenticating with password: %s\n",
                ssh_get_error(my_ssh_session));
                ssh_disconnect(my_ssh_session);
                ssh_free(my_ssh_session);
                exit(-1);
        }
        ssh_disconnect(my_ssh_session);
        ssh_free(my_ssh_session);
}

COMPILATION:

gcc sshex.c -lssh

VALGRIND RUN:

root@rohit-Precision-T1500:/# valgrind --tool=memcheck --leak-check=full --show-leak-kinds=all --show-reachable=no ./a.out 
==1937== Memcheck, a memory error detector
==1937== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==1937== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==1937== Command: ./a.out
==1937== 
yahoo
==1937== 
==1937== HEAP SUMMARY:
==1937==     in use at exit: 14,256 bytes in 521 blocks
==1937==   total heap usage: 1,339 allocs, 818 frees, 92,442 bytes allocated
==1937== 
==1937== 24 bytes in 1 blocks are indirectly lost in loss record 507 of 520
==1937==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1937==    by 0x56AAD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3A59: BN_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3F07: BN_bin2bn (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x4E6079B: pki_signature_from_blob (pki_crypto.c:1384)
==1937==    by 0x4E599F9: ssh_pki_import_signature_blob (pki.c:1262)
==1937==    by 0x4E59A77: ssh_pki_signature_verify_blob (pki.c:1281)
==1937==    by 0x4E578DE: ssh_packet_newkeys (packet_cb.c:186)
==1937==    by 0x4E56E6F: ssh_packet_process (packet.c:422)
==1937==    by 0x4E57374: ssh_packet_socket_callback (packet.c:326)
==1937==    by 0x4E573B3: ssh_packet_socket_callback (packet.c:336)
==1937==    by 0x4E5D951: ssh_socket_pollcallback (socket.c:290)
==1937== 
==1937== 24 bytes in 1 blocks are indirectly lost in loss record 508 of 520
==1937==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1937==    by 0x56AAD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3A59: BN_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3F07: BN_bin2bn (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x4E607EC: pki_signature_from_blob (pki_crypto.c:1405)
==1937==    by 0x4E599F9: ssh_pki_import_signature_blob (pki.c:1262)
==1937==    by 0x4E59A77: ssh_pki_signature_verify_blob (pki.c:1281)
==1937==    by 0x4E578DE: ssh_packet_newkeys (packet_cb.c:186)
==1937==    by 0x4E56E6F: ssh_packet_process (packet.c:422)
==1937==    by 0x4E57374: ssh_packet_socket_callback (packet.c:326)
==1937==    by 0x4E573B3: ssh_packet_socket_callback (packet.c:336)
==1937==    by 0x4E5D951: ssh_socket_pollcallback (socket.c:290)
==1937== 
==1937== 32 bytes in 1 blocks are indirectly lost in loss record 511 of 520
==1937==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1937==    by 0x56AAD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E35E6: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3AD4: bn_expand2 (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3ECF: BN_bin2bn (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x4E6079B: pki_signature_from_blob (pki_crypto.c:1384)
==1937==    by 0x4E599F9: ssh_pki_import_signature_blob (pki.c:1262)
==1937==    by 0x4E59A77: ssh_pki_signature_verify_blob (pki.c:1281)
==1937==    by 0x4E578DE: ssh_packet_newkeys (packet_cb.c:186)
==1937==    by 0x4E56E6F: ssh_packet_process (packet.c:422)
==1937==    by 0x4E57374: ssh_packet_socket_callback (packet.c:326)
==1937==    by 0x4E573B3: ssh_packet_socket_callback (packet.c:336)
==1937== 
==1937== 32 bytes in 1 blocks are indirectly lost in loss record 512 of 520
==1937==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1937==    by 0x56AAD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E35E6: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3AD4: bn_expand2 (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3ECF: BN_bin2bn (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x4E607EC: pki_signature_from_blob (pki_crypto.c:1405)
==1937==    by 0x4E599F9: ssh_pki_import_signature_blob (pki.c:1262)
==1937==    by 0x4E59A77: ssh_pki_signature_verify_blob (pki.c:1281)
==1937==    by 0x4E578DE: ssh_packet_newkeys (packet_cb.c:186)
==1937==    by 0x4E56E6F: ssh_packet_process (packet.c:422)
==1937==    by 0x4E57374: ssh_packet_socket_callback (packet.c:326)
==1937==    by 0x4E573B3: ssh_packet_socket_callback (packet.c:336)
==1937== 
==1937== 48 bytes in 2 blocks are definitely lost in loss record 513 of 520
==1937==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1937==    by 0x56AAD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x56E3A59: BN_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x574C358: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x5750B1A: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x5750BC5: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x5750D79: ASN1_item_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x4E60734: pki_signature_from_blob (pki_crypto.c:1347)
==1937==    by 0x4E599F9: ssh_pki_import_signature_blob (pki.c:1262)
==1937==    by 0x4E59A77: ssh_pki_signature_verify_blob (pki.c:1281)
==1937==    by 0x4E578DE: ssh_packet_newkeys (packet_cb.c:186)
==1937==    by 0x4E56E6F: ssh_packet_process (packet.c:422)
==1937== 
==1937== 128 (16 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 516 of 520
==1937==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1937==    by 0x56AAD32: CRYPTO_malloc (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x5750D0B: ??? (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x5750D79: ASN1_item_new (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)
==1937==    by 0x4E60734: pki_signature_from_blob (pki_crypto.c:1347)
==1937==    by 0x4E599F9: ssh_pki_import_signature_blob (pki.c:1262)
==1937==    by 0x4E59A77: ssh_pki_signature_verify_blob (pki.c:1281)
==1937==    by 0x4E578DE: ssh_packet_newkeys (packet_cb.c:186)
==1937==    by 0x4E56E6F: ssh_packet_process (packet.c:422)
==1937==    by 0x4E57374: ssh_packet_socket_callback (packet.c:326)
==1937==    by 0x4E573B3: ssh_packet_socket_callback (packet.c:336)
==1937==    by 0x4E5D951: ssh_socket_pollcallback (socket.c:290)
==1937== 
==1937== LEAK SUMMARY:
==1937==    definitely lost: 64 bytes in 3 blocks
==1937==    indirectly lost: 112 bytes in 4 blocks
==1937==      possibly lost: 0 bytes in 0 blocks
==1937==    still reachable: 14,080 bytes in 514 blocks
==1937==         suppressed: 0 bytes in 0 blocks
==1937== Reachable blocks (those to which a pointer was found) are not shown.

DIRECT RUN:

root@rohit-Precision-T1500:/# gcc sshex.c -lssh
root@rohit-Precision-T1500:/# ./a.out 
already added
root@rohit-Precision-T1500:/#

LINUX VERSION:

root@rohit-Precision-T1500:/# uname -a
Linux rohit-Precision-T1500 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

I have experimented on this. If I remove the function ssh_connect() (and other following functions of course), then I don't get any leak. So, the leak must have been raised by this function. But in my little program, I have used the function ssh_disconnect() to release the memory allocated by ssh_connect(). So, How can I make sure the memory is freed for sure?

I would like to use SCP functionality in my software and that will be a long lived process. So, the memory leak is going to be a serious concern. As per my understanding, the leaks are associated with libcrypto library which probably is not leak of libssh. If, it is or otherwise, what is the solution to get rid of these leaks? Where am i doing wrong?

Rohit
  • 604
  • 1
  • 10
  • 25
  • Wouldn't you require a `ssh_free(my_ssh_session);` after `fprintf(stderr, "Error connecting to localhost: %s\n", ssh_get_error(my_ssh_session));` ? – nav Jan 08 '15 at 12:42
  • That wouldn't change a thing. The program is anyhow going to terminate and free all memory after the block you are indicating. I have pasted valgrind log of a successful program run. – Rohit Jan 08 '15 at 12:51
  • Can you post the program's output? – nav Jan 08 '15 at 12:59
  • Updated. Please find content under **DIRECT RUN** in the question. – Rohit Jan 08 '15 at 13:07

1 Answers1

2

It happened as I suspected. This could be the bug in libcrypto. I ran my program in RHEL 6.5 and valgrind showed no leaks.

Here is the snippet of the output:

[root@demo-hadoop test]# gcc sshex.c -lssh
[root@demo-hadoop test]# valgrind --tool=memcheck ./a.out 
==23636== Memcheck, a memory error detector
==23636== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==23636== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==23636== Command: ./a.out
==23636== 
already added
==23636== 
==23636== HEAP SUMMARY:
==23636==     in use at exit: 15,304 bytes in 532 blocks
==23636==   total heap usage: 1,067 allocs, 535 frees, 82,199 bytes allocated
==23636== 
==23636== LEAK SUMMARY:
==23636==    definitely lost: 0 bytes in 0 blocks
==23636==    indirectly lost: 0 bytes in 0 blocks
==23636==      possibly lost: 0 bytes in 0 blocks
==23636==    still reachable: 15,304 bytes in 532 blocks
==23636==         suppressed: 0 bytes in 0 blocks
==23636== Rerun with --leak-check=full to see details of leaked memory
==23636== 
==23636== For counts of detected and suppressed errors, rerun with: -v
==23636== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 6 from 6)
[root@demo-hadoop test]# 
[root@demo-hadoop test]# 
[root@demo-hadoop test]# uname -a
Linux demo-hadoop 2.6.32-431.el6.x86_64 #1 SMP Sun Nov 10 22:19:54 EST 2013 x86_64 x86_64 x86_64 GNU/Linux

So, of course, this is not a bug in libssh.

Rohit
  • 604
  • 1
  • 10
  • 25