[MDEV-18375] Memory leaks in mysql client in SSL error handling - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.1, 10.2, 10.3, 10.4
Fix Version/s: 10.4
Component/s: Scripts & Clients, SSL
Labels:
- SSL
- leak
Environment:
Debian GNU/Linux unstable with clang 7.0.1

Description

The mysql client is leaking memory somewhere in SSL tests.

CC=clang-7 CXX=clang++7 CFLAGS=-O2 CXXFLAGS=-O2 cmake -DCONC_WITH_{UNITTEST,SSL}=OFF -DWITH_EMBEDDED_SERVER=OFF -DWITH_UNIT_TESTS=OFF -DCMAKE_BUILD_TYPE=Debug -DPLUGIN_{TOKUDB,MROONGA,OQGRAPH,ROCKSDB,CONNECT,SPIDER}=NO -DWITH_SAFEMALLOC=OFF -DWITH_ZLIB=system -DWITH_SSL=bundled -DWITH_ASAN:BOOL=ON /mariadb/10.3

make -j$(nproc)

cd mysql-test

ASAN_OPTIONS=abort_on_error=1 ./mtr main.ssl_8k_key main.ssl_cert_verify

10.3 e9ba165bcbb9b913411b9a366a5f21d18e313de2
CURRENT_TEST: main.ssl_8k_key
mysqltest: At line 8: exec of '/dev/shm/10.3/client/mysql --defaults-file=/dev/shm/10.3/mysql-test/var/25/my.cnf --connect-timeout=180 --ssl --ssl-key=/mariadb/10.3/mysql-test/std_data/client-key.pem --ssl-cert=/mariadb/10.3/mysql-test/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') as have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1' failed, error: 34304, status: 134, errno: 11
Output from before failure:

=================================================================
==30202==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 3669 byte(s) in 1 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec9862dd6 (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x98dd6)
#2 0xd53068cb187cccff (<unknown module>)

Direct leak of 504 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec988ff67 in gnutls_x509_privkey_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xc5f67)
#2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20

Direct leak of 136 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec989d4a4 in gnutls_x509_crt_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xd34a4)
#2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20

Indirect leak of 8968 byte(s) in 59 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da6413 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc413)

Indirect leak of 8512 byte(s) in 56 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da63c0 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc3c0)

Indirect leak of 4560 byte(s) in 30 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)

Indirect leak of 1161 byte(s) in 16 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec8da4d40 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xad40)

Indirect leak of 804 byte(s) in 1 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec981b124 (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x51124)

Indirect leak of 608 byte(s) in 7 object(s) allocated from:
#0 0x4e6022 in realloc (/dev/shm/10.3/client/mysql+0x4e6022)
#1 0x7f5ec8cb2943 in __gmp_default_reallocate (/usr/lib/x86_64-linux-gnu/libgmp.so.10+0xc943)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e000028f9f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002889f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002d05f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002819f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002969f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002c79f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002c09f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002b99f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002b29f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002ab9f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002a49f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e000029d9f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec8da634b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002cbff (<unknown module>)

Indirect leak of 101 byte(s) in 13 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec8da4e44 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xae44)

Indirect leak of 96 byte(s) in 6 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec98f0726 (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x126726)
#2 0xd53068cb187cccff (<unknown module>)

Indirect leak of 32 byte(s) in 2 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec98f0726 (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x126726)

Indirect leak of 32 byte(s) in 2 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f5ec98acfb6 in gnutls_subject_alt_names_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xe2fb6)

Indirect leak of 8 byte(s) in 1 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f5ec8cb28f8 in __gmp_default_allocate (/usr/lib/x86_64-linux-gnu/libgmp.so.10+0xc8f8)
#2 0xd53068cb187cccff (<unknown module>)

SUMMARY: AddressSanitizer: 31167 byte(s) leaked in 209 allocation(s).
Aborted

10.3 e9ba165bcbb9b913411b9a366a5f21d18e313de2
CURRENT_TEST: main.ssl_cert_verify
ERROR 2026 (HY000): SSL connection error: Error in the certificate.

=================================================================
==21709==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 168 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f6477f0b966 in gnutls_certificate_allocate_credentials (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x5b966)
#2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20

Indirect leak of 7600 byte(s) in 50 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c413 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc413)

Indirect leak of 6096 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f6477f8fef5 in gnutls_x509_trust_list_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xdfef5)

Indirect leak of 6080 byte(s) in 40 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c3c0 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc3c0)

Indirect leak of 4104 byte(s) in 27 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)

Indirect leak of 864 byte(s) in 1 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f6477f01124 (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x51124)

Indirect leak of 647 byte(s) in 7 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f647748ad40 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xad40)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e000028ebf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e0000280bf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002af1f (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e0000279bf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e0000287bf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e0000272bf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e0000295bf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002aabf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e00002a3bf (<unknown module>)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f647748c34b (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
#2 0x60e000029cbf (<unknown module>)

Indirect leak of 136 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f6477f834a4 in gnutls_x509_crt_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xd34a4)

Indirect leak of 81 byte(s) in 11 object(s) allocated from:
#0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
#1 0x7f647748ae44 (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xae44)

Indirect leak of 80 byte(s) in 2 object(s) allocated from:
#0 0x4e6022 in realloc (/dev/shm/10.3/client/mysql+0x4e6022)
#1 0x7f6477f0fcb8 (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x5fcb8)

Indirect leak of 72 byte(s) in 1 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f6477f8fed4 in gnutls_x509_trust_list_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xdfed4)

Indirect leak of 32 byte(s) in 2 object(s) allocated from:
#0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
#1 0x7f6477f92fb6 in gnutls_subject_alt_names_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xe2fb6)

SUMMARY: AddressSanitizer: 27480 byte(s) leaked in 154 allocation(s).
Aborted
mysqltest: At line 22: command "$MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'"" failed with wrong error: 134

The result from queries just before the failure was:
#T1: Host name (/CN=localhost/) as OU name in the server certificate, server certificate verification should fail.

Note: I believe that these leaks occur in all MariaDB versions. This time I only tested with 10.3.

Attachments

Activity

People

Assignee:: Georg Richter

Reporter:: Marko Mäkelä

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019-01-25 08:26

Updated:: 2023-04-27 14:19

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.