GithubHelp home page GithubHelp logo

Comments (4)

sinbobo avatar sinbobo commented on June 9, 2024 1

My bad, really thanks, god bless you and wish you code with no bugs for the rest of life ^_^

from mbedtls.

gilles-peskine-arm avatar gilles-peskine-arm commented on June 9, 2024

mbedtls_mpi_exp_mod does not free RR because it's an output.

For the call stack you give, this output is cached in the RSA context and should be freed when you call mbedtls_rsa_free.

Can you please share a complete program that reproduces the memory leak?

from mbedtls.

gilles-peskine-arm avatar gilles-peskine-arm commented on June 9, 2024

Here's the problem:

    mbedtls_rsa_context ctx_rsa = *((mbedtls_rsa_context *)(ctxPk.pk_ctx));

Here you're making a shallow copy of the mbedtls_rsa_context structure that's in ctxPk. At the end of your program, you call mbedtls_pk_free, which frees the RSA context in the PK context, but doesn't free the parts of the RSA context in the shallow copy.

The actual key material is in mbedtls_mpi objects for which there is a pointer in the shallow copy and a pointer in the PK context. Those are freed by the call to mbedtls_pk_free. After that call, the shallow copy has dangling pointers. The RR value that is cached in the context is only stored in the shallow copy, and that is never freed.

The fix is to not make a shallow copy. Mbed TLS does not support shallow copies of structures. Instead, directly access the RSA context that's in the PK context. Also, please use the API function instead of accessing fields in an unsafe way.

    mbedtls_rsa_context *ctx_rsa = mbedtls_pk_rsa(*ctxPk);

from mbedtls.

gilles-peskine-arm avatar gilles-peskine-arm commented on June 9, 2024

I am closing this issue because it's an API misuse, not a bug in the library.

from mbedtls.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.