
a code security scanner reports a resource leak in qat_hw_ecx.c

Open nefigtut opened this issue 1 year ago • 3 comments

hi, openscanhub code security scanner reports a number of resource leaks in the qatengine code:

Defect type: RESOURCE_LEAK
QAT_Engine-1.6.0/qat_hw_ecx.c:557:13: leaked_storage: Freeing "key" without freeing its pointer field "lock" leaks the storage that "lock" points to.
QAT_Engine-1.6.0/qat_hw_ecx.c:315:9: leaked_storage: Freeing "key" without freeing its pointer field "lock" leaks the storage that "lock" points to.
QAT_Engine-1.6.0/qat_hw_ecx.c:249:9: leaked_storage: Freeing "key" without freeing its pointer field "lock" leaks the storage that "lock" points to.

indeed, ECX_KEY *key is allocated and in certain cases its .lock field is initiated and a lock structure is allocated. later, when key is freed by OPENSSL_free(key) then key->lock is not freed but leaked:

ECX_KEY *key = NULL;
key = OPENSSL_zalloc(sizeof(*key));
...
#ifdef QAT_OPENSSL_3
# if OPENSSL_VERSION_NUMBER < 0x30200000
    key->references = 1;
    key->lock = CRYPTO_THREAD_lock_new(); /* key->lock is allocated */
# else
    key->references.val = 1;
# endif
#endif
...
OPENSSL_free(key); /* key->lock is leaked */

It looks like CRYPTO_THREAD_lock_free() (?? not sure here) should be added to all instances of OPENSSL_free(key).

nefigtut avatar Jun 25 '24 13:06 nefigtut
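
The ownership problem reported above, reduced to a self-contained C program; this is an added example, not code from the issue or from QAT_Engine. `demo_key`, `demo_lock`, `demo_zalloc` and `demo_free` are hypothetical stand-ins for `ECX_KEY`, the lock object, `OPENSSL_zalloc` and `OPENSSL_free`, and the `with_lock` flag stands in for the `OPENSSL_VERSION_NUMBER < 0x30200000` branch, so the leak can be counted without linking OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the OpenSSL allocators; live_blocks makes a leak observable. */
static int live_blocks = 0;
static void *demo_zalloc(size_t n) {
    void *p = calloc(1, n);
    if (p != NULL) live_blocks++;
    return p;
}
static void demo_free(void *p) { if (p != NULL) { live_blocks--; free(p); } }

typedef struct { int state; } demo_lock;                      /* stand-in for the lock */
typedef struct { int references; demo_lock *lock; } demo_key; /* stand-in for ECX_KEY */

/* with_lock models the build branch in which key->lock gets allocated. */
static demo_key *demo_key_new(int with_lock) {
    demo_key *key = demo_zalloc(sizeof(*key));
    if (key == NULL) return NULL;
    key->references = 1;
    if (with_lock) {
        key->lock = demo_zalloc(sizeof(*key->lock));
        if (key->lock == NULL) { demo_free(key); return NULL; }
    }
    return key;
}

/* Reported pattern: the container is freed, the lock it owns is not. */
static void demo_key_free_leaky(demo_key *key) { demo_free(key); }
/* Paired teardown: release the owned lock first, then the container. */
static void demo_key_free(demo_key *key) {
    if (key == NULL) return;
    demo_free(key->lock);   /* NULL-safe, so the branch without a lock also works */
    demo_free(key);
}

/* Returns how many blocks remain allocated after one new/free cycle. */
static int leaked_after_cycle(int with_lock, int use_fixed_free) {
    int before = live_blocks;
    demo_key *key = demo_key_new(with_lock);
    if (use_fixed_free) demo_key_free(key); else demo_key_free_leaky(key);
    return live_blocks - before;
}

int main(void) {
    printf("leaky free:  %d block(s) leaked\n", leaked_after_cycle(1, 0));
    printf("paired free: %d block(s) leaked\n", leaked_after_cycle(1, 1));
    return 0;
}
```

Routing every error path through one teardown helper keeps the lock release and the container release together, which is the pairing the scanner found missing at each `OPENSSL_free(key)` site.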

Hi @nefigtut , thank you for raising the issue. We will look into this.

venkatesh6911 avatar Jun 25 '24 15:06 venkatesh6911

Can you give the reproduction steps with openscanhub security scanner?

venkatesh6911 avatar Jul 30 '24 06:07 venkatesh6911

hi, unfortunately, not. i have used our internal corporate osh instance which is not accessible from the outside. i'm not sure here, osh home page (https://openscanhub.dev/) says:

How to use it? It is running as a Fedora service (you would need Fedora's infrastructure access credentials). Alternatively, you can use it on your local system by following the developer documentation.

alternatively, i believe, if you provide me a fixed package, i can scan it in our internal instance.

nefigtut avatar Aug 05 '24 14:08 nefigtut

The mem leak issues had been fixed based on the details you provided. We could not reproduce the issues with the security scanner though. We will release the package in mid-September.

venkatesh6911 avatar Aug 23 '24 14:08 venkatesh6911

thank you, Venkatesh, most appreciated.

nefigtut avatar Aug 25 '24 15:08 nefigtut