[xmlsec] Memory leak ( Verify Signature using Invalid Transform type)
Alexwell Sandro
alexwellll at gmail.com
Tue Sep 10 12:26:40 PDT 2013
Ok,
I'm using Windows 7 64bit
Visual Studio 2010
*xmlsec1-1.2.19* linking with ( libiconv-1.9.2, *libxml2-2.9.1* and
libxslt-1.1.28 ) compiled by myself.
The
*ret = xmlOutputBufferClose(buf);*
seems not clean the buffer, when using ("invalid" transform), with return
(-1).
What do you recommend?
On Tue, Sep 10, 2013 at 4:08 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Just to follow up... I've tried to reproduce the issue with the current
> git versions of both XMLSec and LibXML2 but I don't see the memory
> leak. Looking at the code, the only possible scenario to have this leak
> is a missing "close" callback from LibXML2 IO system. It might be either
> version specific (i.e. bug in the old LibXML2) or it might be Windows
> specific (I run tests on Linux + valgrind). I've looked at the current
> LibXML2 code and I don't see any issues there. I wonder if Daniel can
> remember any fixes in this area in the latest releases.
>
> Best,
>
> Aleksey
>
> On 8/30/13 4:10 PM, Alexwell Sandro wrote:
> > I am using xmlsec1-1.2.19
> >
> > Documents attached:
> >
> > *signature_enveloping_edited_invalid_transform.xml*
> > Contains Xml Signature enveloping of binary file edited.
> > (Added Invalid Transform to binary: *<ds:Transform
> > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>* )
> >
> > *log_from_stderr.txt*
> > Contains prints from XmlSec library (eg.:
> > func=xmlSecParserPushBin:file=..\(...) )
> >
> > *log_from_memory_leak_detector.txt*
> > Contains memory leak trace.
> >
> >
> >
> > On Fri, Aug 30, 2013 at 7:06 PM, Aleksey Sanin <aleksey at aleksey.com
> > <mailto:aleksey at aleksey.com>> wrote:
> >
> > Any chance you can send the complete XML file that demonstrates
> > the problem? Or the exact print-out from the memory leak?
> >
> > Thanks in advance,
> >
> > Aleksey
> >
> > On 8/30/13 11:30 AM, Alexwell Sandro wrote:
> > > I create enveloping signature of binary file:
> > >
> > > ...
> > > <ds:Reference Id="myId" URI="#*ObjectId*">
> > > <ds:Transforms>
> > > <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64
> "/>
> > > </ds:Transforms>
> > > ...
> > > <ds:Object Id="*ObjectId*">ghimBgkq</ds:Object>
> > > ...
> > >
> > > *I edited the file placing a transform (invalid to binary):*
> > >
> > > ...
> > > <ds:Reference Id="myId" URI="#*ObjectId*">
> > > <ds:Transforms>
> > > <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64
> "/>
> > > *<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#
> "/>*
> > > </ds:Transforms>
> > > ...
> > > <ds:Object Id="*ObjectId*">ghimBgkq</ds:Object>
> > > ...
> > >
> > > When verify occurs memory leak.
> > >
> > > Is related to (at *transforms.c* line 2807)
> > > *buffer =
> > >
> >
> (xmlSecTransformIOBufferPtr)xmlMalloc(sizeof(xmlSecTransformIOBuffer));*
> > >
> > > (at *c14n.c* line 277).
> > >
> > > ...
> > > *ret = xmlOutputBufferClose(buf);*
> > > ...
> > > ret contains the value (-1)
> > >
> > > Is memory leak, or some error in my build?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > xmlsec mailing list
> > > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> > > http://www.aleksey.com/mailman/listinfo/xmlsec
> > >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130910/5a03a596/attachment.html>
More information about the xmlsec
mailing list