Enable debug mode when compiling smartdns:
make DEBUG=1
Start smartdns under valgrind:
valgrind --log-file=valgrind.log --tool=memcheck --leak-check=full --show-leak-kinds=all ./src/smartdns -f -c ./smartdns.conf
The log shows an obvious memory leak:
==791593== 7,014 (224 direct, 6,790 indirect) bytes in 7 blocks are definitely lost in loss record 5 of 5
==791593== at 0x48407B4: malloc (vg_replace_malloc.c:381)
==791593== by 0x4B35018: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x4BB1087: OPENSSL_sk_new_reserve (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x49FDBEC: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x49FCFC5: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x49FE12D: ASN1_item_d2i_ex (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x4BD12A1: X509V3_EXT_d2i (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x129857: _dns_client_verify_common_name (dns_client.c:3165)
==791593== by 0x129CF5: _dns_client_tls_verify (dns_client.c:3251)
==791593== by 0x12A3A1: _dns_client_process_tls (dns_client.c:3372)
==791593== by 0x12A8D4: _dns_client_process (dns_client.c:3488)
==791593== by 0x12DF56: _dns_client_work (dns_client.c:4672)
==791593==
==791593== LEAK SUMMARY:
==791593== definitely lost: 224 bytes in 7 blocks
==791593== indirectly lost: 6,790 bytes in 385 blocks
==791593== possibly lost: 0 bytes in 0 blocks
==791593== still reachable: 0 bytes in 0 blocks
==791593== suppressed: 0 bytes in 0 blocks
The leak is at line 3165 of src/dns_client.c, where alt_names is never freed.
alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
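To pull the leaking call site out of a memcheck log like the one above without reading every frame, this added example (not part of the original post or of smartdns) parses the loss records and reports the first frame that carries a source file and line. The name leak_sites and the sample log, a shortened copy of the record above, are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the loss record shown above.
SAMPLE_LOG = """\
==791593== 7,014 (224 direct, 6,790 indirect) bytes in 7 blocks are definitely lost in loss record 5 of 5
==791593== at 0x48407B4: malloc (vg_replace_malloc.c:381)
==791593== by 0x4B35018: CRYPTO_zalloc (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x4BD12A1: X509V3_EXT_d2i (in /usr/lib/x86_64-linux-gnu/libcrypto.so.3)
==791593== by 0x129857: _dns_client_verify_common_name (dns_client.c:3165)
==791593== by 0x129CF5: _dns_client_tls_verify (dns_client.c:3251)
==791593==
==791593== LEAK SUMMARY:
==791593== definitely lost: 224 bytes in 7 blocks
"""

# "<total> [(<direct> direct, <indirect> indirect)] bytes in <n> blocks are <kind> in loss record"
HEADER = re.compile(r"^==\d+==\s+([\d,]+) (?:\([^)]*\) )?bytes in ([\d,]+) "
                    r"blocks are (\w+ \w+) in loss record")
# "at|by 0xADDR: function (location)"
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \((.*)\)$")
# A location with debug info looks like "file.c:123"; libraries show "in /path/lib.so".
SRC = re.compile(r"^([^\s:]+):(\d+)$")


def leak_sites(log_text, kind="definitely lost"):
    """Return [(total_bytes, blocks, function, file, line)], one per loss record of `kind`."""
    sites, current = [], None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        header = HEADER.match(line)
        if header:
            total, blocks, found_kind = header.groups()
            current = None
            if found_kind == kind:
                current = (int(total.replace(",", "")), int(blocks.replace(",", "")))
            continue
        frame = FRAME.match(line)
        if frame and current:
            func, loc = frame.groups()
            src = SRC.match(loc)
            # Heuristic: skip valgrind's own malloc wrappers (vg_*.c) and frames without debug info.
            if src and not src.group(1).startswith("vg_"):
                sites.append(current + (func, src.group(1), int(src.group(2))))
                current = None
        elif not frame:
            current = None  # a bare "==pid==" line or any other text ends the record
    return sites


if __name__ == "__main__":
    for site in leak_sites(SAMPLE_LOG):
        print("%d bytes in %d blocks, allocated via %s (%s:%d)" % site)
```

The reported frame is only as precise as the debug info in the binary, which is why the build above uses DEBUG=1.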
Fix:
--- src/dns_client.c 2025-02-27 18:49:04.252529938 +0800
+++ ../dns_client.c 2025-02-27 15:44:26.674269770 +0800
@@ -3183,6 +3183,7 @@
tlog(TLOG_DEBUG, "peer SAN: %s", dns->data);
if (_dns_client_tls_matchName(tls_host_verify, (char *)dns->data, dns->length) == 0) {
tlog(TLOG_DEBUG, "peer SAN match: %s", dns->data);
+ GENERAL_NAMES_free(alt_names);
return 0;
}
} break;
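Review bot: The GENERAL_NAMES_free(alt_names) added before return 0 in the SAN match branch covers only this one early return, so any other return reached after alt_names is assigned would need the same call. Prefer a single exit: set a result variable, jump to a common cleanup label, and free alt_names once there, which also removes the need for the second free at errout.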
@@ -3196,6 +3197,7 @@
errout:
tlog(TLOG_WARN, "server %s CN is invalid, peer CN: %s, expect CN: %s", server_info->ip, peer_CN, tls_host_verify);
server_info->prohibit = 1;
+ GENERAL_NAMES_free(alt_names);
return -1;
}
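Review bot: The GENERAL_NAMES_free(alt_names) at errout runs on every failure path, so alt_names has to be initialised to NULL at its declaration, which this hunk does not show; if any goto errout is taken before the X509_get_ext_d2i call, an uninitialised pointer would be freed here. GENERAL_NAMES_free accepts NULL, so the initialisation alone is sufficient. Please also confirm the path where the SAN loop finishes without a match ends up at this free.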