MariaDB Server / MDEV-18375

Memory leaks in mysql client in SSL error handling

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.1, 10.2, 10.3, 10.4
    • Fix Version/s: 10.2, 10.3, 10.4
    • Component/s: Scripts & Clients, SSL
    • Labels:
    • Environment:
      Debian GNU/Linux unstable with clang 7.0.1

      Description

      The mysql client is leaking memory somewhere in SSL tests.

      CC=clang-7 CXX=clang++-7 CFLAGS=-O2 CXXFLAGS=-O2 cmake -DCONC_WITH_{UNITTEST,SSL}=OFF -DWITH_EMBEDDED_SERVER=OFF -DWITH_UNIT_TESTS=OFF -DCMAKE_BUILD_TYPE=Debug -DPLUGIN_{TOKUDB,MROONGA,OQGRAPH,ROCKSDB,CONNECT,SPIDER}=NO -DWITH_SAFEMALLOC=OFF -DWITH_ZLIB=system -DWITH_SSL=bundled -DWITH_ASAN:BOOL=ON /mariadb/10.3
      make -j$(nproc)
      cd mysql-test
      ASAN_OPTIONS=abort_on_error=1 ./mtr main.ssl_8k_key main.ssl_cert_verify
      

      10.3 e9ba165bcbb9b913411b9a366a5f21d18e313de2

      CURRENT_TEST: main.ssl_8k_key
      mysqltest: At line 8: exec of '/dev/shm/10.3/client/mysql --defaults-file=/dev/shm/10.3/mysql-test/var/25/my.cnf --connect-timeout=180 --ssl --ssl-key=/mariadb/10.3/mysql-test/std_data/client-key.pem --ssl-cert=/mariadb/10.3/mysql-test/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') as have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1' failed, error: 34304, status: 134, errno: 11
      Output from before failure:
       
      =================================================================
      ==30202==ERROR: LeakSanitizer: detected memory leaks
       
      Direct leak of 3669 byte(s) in 1 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec9862dd6  (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x98dd6)
          #2 0xd53068cb187cccff  (<unknown module>)
       
      Direct leak of 504 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec988ff67 in gnutls_x509_privkey_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xc5f67)
          #2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20
       
      Direct leak of 136 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec989d4a4 in gnutls_x509_crt_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xd34a4)
          #2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20
       
      Indirect leak of 8968 byte(s) in 59 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da6413  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc413)
       
      Indirect leak of 8512 byte(s) in 56 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da63c0  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc3c0)
       
      Indirect leak of 4560 byte(s) in 30 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
       
      Indirect leak of 1161 byte(s) in 16 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec8da4d40  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xad40)
       
      Indirect leak of 804 byte(s) in 1 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec981b124  (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x51124)
       
      Indirect leak of 608 byte(s) in 7 object(s) allocated from:
          #0 0x4e6022 in realloc (/dev/shm/10.3/client/mysql+0x4e6022)
          #1 0x7f5ec8cb2943 in __gmp_default_reallocate (/usr/lib/x86_64-linux-gnu/libgmp.so.10+0xc943)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e000028f9f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002889f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002d05f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002819f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002969f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002c79f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002c09f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002b99f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002b29f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002ab9f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002a49f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e000029d9f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002cbff  (<unknown module>)
       
      Indirect leak of 101 byte(s) in 13 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec8da4e44  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xae44)
       
      Indirect leak of 96 byte(s) in 6 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec98f0726  (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x126726)
          #2 0xd53068cb187cccff  (<unknown module>)
       
      Indirect leak of 32 byte(s) in 2 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec98f0726  (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x126726)
       
      Indirect leak of 32 byte(s) in 2 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f5ec98acfb6 in gnutls_subject_alt_names_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xe2fb6)
       
      Indirect leak of 8 byte(s) in 1 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f5ec8cb28f8 in __gmp_default_allocate (/usr/lib/x86_64-linux-gnu/libgmp.so.10+0xc8f8)
          #2 0xd53068cb187cccff  (<unknown module>)
       
      SUMMARY: AddressSanitizer: 31167 byte(s) leaked in 209 allocation(s).
      Aborted
      

      10.3 e9ba165bcbb9b913411b9a366a5f21d18e313de2

      CURRENT_TEST: main.ssl_cert_verify
      ERROR 2026 (HY000): SSL connection error: Error in the certificate.
       
      =================================================================
      ==21709==ERROR: LeakSanitizer: detected memory leaks
       
      Direct leak of 168 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f6477f0b966 in gnutls_certificate_allocate_credentials (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x5b966)
          #2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20
       
      Indirect leak of 7600 byte(s) in 50 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c413  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc413)
       
      Indirect leak of 6096 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f6477f8fef5 in gnutls_x509_trust_list_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xdfef5)
       
      Indirect leak of 6080 byte(s) in 40 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c3c0  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc3c0)
       
      Indirect leak of 4104 byte(s) in 27 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
       
      Indirect leak of 864 byte(s) in 1 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f6477f01124  (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x51124)
       
      Indirect leak of 647 byte(s) in 7 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f647748ad40  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xad40)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e000028ebf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e0000280bf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002af1f  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e0000279bf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e0000287bf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e0000272bf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e0000295bf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002aabf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e00002a3bf  (<unknown module>)
       
      Indirect leak of 152 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f647748c34b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
          #2 0x60e000029cbf  (<unknown module>)
       
      Indirect leak of 136 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f6477f834a4 in gnutls_x509_crt_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xd34a4)
       
      Indirect leak of 81 byte(s) in 11 object(s) allocated from:
          #0 0x4e5c03 in __interceptor_malloc (/dev/shm/10.3/client/mysql+0x4e5c03)
          #1 0x7f647748ae44  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xae44)
       
      Indirect leak of 80 byte(s) in 2 object(s) allocated from:
          #0 0x4e6022 in realloc (/dev/shm/10.3/client/mysql+0x4e6022)
          #1 0x7f6477f0fcb8  (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0x5fcb8)
       
      Indirect leak of 72 byte(s) in 1 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f6477f8fed4 in gnutls_x509_trust_list_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xdfed4)
       
      Indirect leak of 32 byte(s) in 2 object(s) allocated from:
          #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
          #1 0x7f6477f92fb6 in gnutls_subject_alt_names_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xe2fb6)
       
      SUMMARY: AddressSanitizer: 27480 byte(s) leaked in 154 allocation(s).
      Aborted
      mysqltest: At line 22: command "$MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'"" failed with wrong error: 134
       
      The result from queries just before the failure was:
      #T1: Host name (/CN=localhost/) as OU name in the server certificate, server certificate verification should fail.
      

      Note: I believe that these leaks occur in all MariaDB versions. This time I only tested with 10.3.
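
A triage sketch for reports like the two above, added here as an example and not part of the original report or of MariaDB's code: it parses LeakSanitizer records, skips the allocator frames, and attributes each leak to the first frame past the allocator, so the direct leaks (the roots to fix) stand apart from the indirect bytes that hang off them. `SAMPLE` is a constructed excerpt in the same format, and the function names are hypothetical.

```python
import re
# Constructed sample: three records abridged from the report format above.
SAMPLE = """\
Direct leak of 504 byte(s) in 1 object(s) allocated from:
    #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
    #1 0x7f5ec988ff67 in gnutls_x509_privkey_init (/usr/lib/x86_64-linux-gnu/libgnutls.so.30+0xc5f67)
    #2 0x5526cd in ma_pvio_tls_init /mariadb/10.3/libmariadb/libmariadb/ma_tls.c:71:20

Indirect leak of 8968 byte(s) in 59 object(s) allocated from:
    #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
    #1 0x7f5ec8da6413  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc413)

Indirect leak of 152 byte(s) in 1 object(s) allocated from:
    #0 0x4e5dfa in calloc (/dev/shm/10.3/client/mysql+0x4e5dfa)
    #1 0x7f5ec8da634b  (/usr/lib/x86_64-linux-gnu/libtasn1.so.6+0xc34b)
"""

HEADER = re.compile(r"(Direct|Indirect) leak of (\d+) byte\(s\)")
FRAME = re.compile(r"\s*#\d+ 0x[0-9a-f]+(?: in (\S+))?\s+(.*)")
MODULE = re.compile(r"\((?:.*/)?([^/()]+)\+0x[0-9a-f]+\)")
ALLOCATORS = {"malloc", "calloc", "realloc", "__interceptor_malloc"}

def parse_leaks(text):
    """Return one dict per leak record: kind, bytes, (symbol, location) frames."""
    leaks = []
    for line in text.splitlines():
        h, f = HEADER.match(line.strip()), FRAME.match(line)
        if h:
            leaks.append({"kind": h[1], "bytes": int(h[2]), "frames": []})
        elif f and leaks:
            leaks[-1]["frames"].append((f[1], f[2]))
    return leaks

def owner(leak):
    """First frame past the allocator: its symbol, else its module name."""
    for sym, loc in leak["frames"]:
        if sym not in ALLOCATORS:
            m = MODULE.search(loc)
            return sym or (m[1] if m else "<unknown>")
    return "<unknown>"

def triage(text):
    """Return (direct leaks as (bytes, owner), indirect bytes summed per owner)."""
    leaks = parse_leaks(text)
    direct = [(r["bytes"], owner(r)) for r in leaks if r["kind"] == "Direct"]
    indirect = {}
    for rec in leaks:
        if rec["kind"] == "Indirect":
            indirect[owner(rec)] = indirect.get(owner(rec), 0) + rec["bytes"]
    return direct, indirect
```
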

            People

            Assignee:
            georg Georg Richter
            Reporter:
            marko Marko Mäkelä