海运的博客

使用valgrind定位解决smartdns内存泄露

发布时间:February 27, 2025 // 分类: // No Comments

在编译smartdns时开启debug模式:

make DEBUG=1

通过valgrind启动smartdns:

valgrind --log-file=valgrind.log --tool=memcheck --leak-check=full --show-leak-kinds=all ./src/smartdns -f -c ./smartdns.conf 

日志显示明显有内存泄露

==791593== 7,014 (224 direct, 6,790 indirect) bytes in 7 blocks are definitely lost in loss record 5 of 5
==791593==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==791593==    by 0x4B35018: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593==    by 0x4BB1087: OPENSSL_sk_new_reserve (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593==    by 0x49FDBEC: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593==    by 0x49FCFC5: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593==    by 0x49FE12D: ASN1_item_d2i_ex (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593==    by 0x4BD12A1: X509V3_EXT_d2i (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593==    by 0x129857: _dns_client_verify_common_name (dns_client.c:3165)
==791593==    by 0x129CF5: _dns_client_tls_verify (dns_client.c:3251)
==791593==    by 0x12A3A1: _dns_client_process_tls (dns_client.c:3372)
==791593==    by 0x12A8D4: _dns_client_process (dns_client.c:3488)
==791593==    by 0x12DF56: _dns_client_work (dns_client.c:4672)
==791593== 
==791593== LEAK SUMMARY:
==791593==    definitely lost: 224 bytes in 7 blocks
==791593==    indirectly lost: 6,790 bytes in 385 blocks
==791593==      possibly lost: 0 bytes in 0 blocks
==791593==    still reachable: 0 bytes in 0 blocks
==791593==         suppressed: 0 bytes in 0 blocks

位于src/dns_client.c文件3165行,alt_names未释放。

alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);

解决:

--- src/dns_client.c    2025-02-27 18:49:04.252529938 +0800
+++ ../dns_client.c     2025-02-27 15:44:26.674269770 +0800
@@ -3183,6 +3183,7 @@
                        tlog(TLOG_DEBUG, "peer SAN: %s", dns->data);
                        if (_dns_client_tls_matchName(tls_host_verify, (char *)dns->data, dns->length) == 0) {
                                tlog(TLOG_DEBUG, "peer SAN match: %s", dns->data);
+                                GENERAL_NAMES_free(alt_names);
                                return 0;
                        }
                } break;
@@ -3196,6 +3197,7 @@
 errout:
        tlog(TLOG_WARN, "server %s CN is invalid, peer CN: %s, expect CN: %s", server_info->ip, peer_CN, tls_host_verify);
        server_info->prohibit = 1;
+        GENERAL_NAMES_free(alt_names);
        return -1;
 }

标签:none

发表评论

分类
最新文章
最近回复
  • opnfense: 谢谢博主!!!解决问题了!!!我之前一直以为内置的odhcp6就是唯一管理ipv6的方式
  • liyk: 这个方法获取的IPv6大概20分钟之后就会失效,默认路由先消失,然后Global IPV6再消失
  • 海运: 不好意思,没有。
  • zongboa: 您好,請問一下有immortalwrt設定guest Wi-Fi的GUI教學嗎?感謝您。
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...