Attachment #221740 for bug #252829

View | Details | Raw Unified | Return to bug 252829
Collapse All | Expand All





PORTNAME=	wolfssl
PORTVERSION=	4.6.0
PORTREVISION=	1
CATEGORIES=	security devel
MASTER_SITES=	https://www.wolfssl.com/ \
		LOCAL/fox


GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--disable-dependency-tracking \
		--enable-certgen \
		--enable-des3 \
		--enable-dh \
		--enable-dsa \
		--enable-dtls \
		--enable-ecc \
		--enable-ipv6 \
		--enable-keygen \
		--enable-opensslall \
		--enable-opensslextra \
		--enable-ripemd \
		--enable-sessioncerts \
		--enable-sha512 \
		--enable-shared \
		--enable-sni \

		--enable-tls13 \
		--enable-tls13-draft18
TEST_TARGET=	check
CFLAGS+=	-DWOLFSSL_ALT_NAMES
PORTDOCS=	*
OPTIONS_DEFINE=	DEBUG DOCS

DEBUG_CONFIGURE_ON=	--enable-debug

post-configure:
	@${REINPLACE_CMD} \

		-e '/^pkgconfigdir/s|(libdir)|&data|' \
		${WRKSRC}/Makefile

post-install-DEBUG-off:
	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libwolfssl.so

.include <bsd.port.mk>




From 0aead8cb868003a5dff2e81d6a7ffd7579652610 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sun, 17 Jan 2021 11:21:59 +0100
Subject: [PATCH] wolfSSL_CertManagerFree(): free refMutex

Fixes memory leaks like:
       ==323== 96 bytes in 1 blocks are definitely lost in loss record 3 of 4
       ==323==    at 0x4C291E1: calloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
       ==323==    by 0x585495F: pthread_mutex_init (in /lib/libthr.so.3)
       ==323==    by 0x4E7B5E8: wc_InitMutex (wc_port.c:1071)
       ==323==    by 0x4F09540: wolfSSL_CertManagerNew_ex (ssl.c:3596)
       ==323==    by 0x4EC6A81: InitSSL_Ctx (internal.c:1752)
       ==323==    by 0x4F0441E: wolfSSL_CTX_new_ex (ssl.c:394)
       ==323==    by 0x4F04658: wolfSSL_CTX_new (ssl.c:436)
       ==323==    by 0x400AA2: main (wolfssl-ctx-leak.c:9)

This is a partial cherry-pick of upstream commit
9598c037168b73ce2f by Tesfa Mael.
---
 src/ssl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git src/ssl.c src/ssl.c
index 19d36795e..9433d302e 100644
--- src/ssl.c
+++ src/ssl.c
@@ -3663,7 +3663,9 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
             FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
             wc_FreeMutex(&cm->tpLock);
             #endif
-
+            if (wc_FreeMutex(&cm->refMutex) != 0) {
+                WOLFSSL_MSG("Couldn't free refMutex mutex");
+            }
             XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER);
         }
     }
-- 
2.30.0


Return to bug 252829

Lines 2-7 Link Here

(-)b/security/wolfssl/Makefile (-2 / +10 lines)
2		2
3	PORTNAME= wolfssl	3	PORTNAME= wolfssl
4	PORTVERSION= 4.6.0	4	PORTVERSION= 4.6.0
		5	PORTREVISION= 1
5	CATEGORIES= security devel	6	CATEGORIES= security devel
6	MASTER_SITES= https://www.wolfssl.com/ \	7	MASTER_SITES= https://www.wolfssl.com/ \
7	LOCAL/fox	8	LOCAL/fox
Lines 16-29 USE_LDCONFIG= yes Link Here
16		17
17	GNU_CONFIGURE= yes	18	GNU_CONFIGURE= yes
18	CONFIGURE_ARGS= --disable-dependency-tracking \	19	CONFIGURE_ARGS= --disable-dependency-tracking \
		20	--enable-certgen \
		21	--enable-des3 \
19	--enable-dh \	22	--enable-dh \
20	--enable-dsa \	23	--enable-dsa \
21	--enable-dtls \	24	--enable-dtls \
22	--enable-ecc \	25	--enable-ecc \
23	--enable-ipv6 \	26	--enable-ipv6 \
24	--enable-keygen \	27	--enable-keygen \
		28	--enable-opensslall \
25	--enable-opensslextra \	29	--enable-opensslextra \
26	--enable-ripemd \	30	--enable-ripemd \
		31	--enable-sessioncerts \
27	--enable-sha512 \	32	--enable-sha512 \
28	--enable-shared \	33	--enable-shared \
29	--enable-sni \	34	--enable-sni \
Lines 32-39 CONFIGURE_ARGS= --disable-dependency-tracking \ Link Here
32	--enable-tls13 \	37	--enable-tls13 \
33	--enable-tls13-draft18	38	--enable-tls13-draft18
34	TEST_TARGET= check	39	TEST_TARGET= check
		40	CFLAGS+= -DWOLFSSL_ALT_NAMES
35	PORTDOCS= *	41	PORTDOCS= *
36	OPTIONS_DEFINE= DOCS	42	OPTIONS_DEFINE= DEBUG DOCS
		43
		44	DEBUG_CONFIGURE_ON= --enable-debug
37		45
38	post-configure:	46	post-configure:
39	@${REINPLACE_CMD} \	47	@${REINPLACE_CMD} \
Lines 42-48 post-configure: Link Here
42	-e '/^pkgconfigdir/s\|(libdir)\|&data\|' \	50	-e '/^pkgconfigdir/s\|(libdir)\|&data\|' \
43	${WRKSRC}/Makefile	51	${WRKSRC}/Makefile
44		52
45	post-install:	53	post-install-DEBUG-off:
46	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libwolfssl.so	54	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libwolfssl.so
47		55
48	.include <bsd.port.mk>	56	.include <bsd.port.mk>

Added Link Here

(-)b/security/wolfssl/files/patch-src-ssl.c (-1 / +40 lines)
0	-	1	From 0aead8cb868003a5dff2e81d6a7ffd7579652610 Mon Sep 17 00:00:00 2001
		2	From: Fabian Keil <fk@fabiankeil.de>
		3	Date: Sun, 17 Jan 2021 11:21:59 +0100
		4	Subject: [PATCH] wolfSSL_CertManagerFree(): free refMutex
		5
		6	Fixes memory leaks like:
		7	==323== 96 bytes in 1 blocks are definitely lost in loss record 3 of 4
		8	==323== at 0x4C291E1: calloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
		9	==323== by 0x585495F: pthread_mutex_init (in /lib/libthr.so.3)
		10	==323== by 0x4E7B5E8: wc_InitMutex (wc_port.c:1071)
		11	==323== by 0x4F09540: wolfSSL_CertManagerNew_ex (ssl.c:3596)
		12	==323== by 0x4EC6A81: InitSSL_Ctx (internal.c:1752)
		13	==323== by 0x4F0441E: wolfSSL_CTX_new_ex (ssl.c:394)
		14	==323== by 0x4F04658: wolfSSL_CTX_new (ssl.c:436)
		15	==323== by 0x400AA2: main (wolfssl-ctx-leak.c:9)
		16
		17	This is a partial cherry-pick of upstream commit
		18	9598c037168b73ce2f by Tesfa Mael.
		19	---
		20	src/ssl.c \| 4 +++-
		21	1 file changed, 3 insertions(+), 1 deletion(-)
		22
		23	diff --git src/ssl.c src/ssl.c
		24	index 19d36795e..9433d302e 100644
		25	--- src/ssl.c
		26	+++ src/ssl.c
		27	@@ -3663,7 +3663,9 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
		28	FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
		29	wc_FreeMutex(&cm->tpLock);
		30	#endif
		31	-
		32	+ if (wc_FreeMutex(&cm->refMutex) != 0) {
		33	+ WOLFSSL_MSG("Couldn't free refMutex mutex");
		34	+ }
		35	XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER);
		36	}
		37	}
		38	--
		39	2.30.0
		40