1 /*
2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <time.h>
13 #include "internal/cryptlib.h"
14 #include "internal/thread_once.h"
15 #include <openssl/crypto.h>
16 #include <openssl/buffer.h>
17 #include "internal/bio.h"
18 #include <openssl/lhash.h>
19
20 #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
21 # include <execinfo.h>
22 #endif
23
24 /*
25 * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
26 * the application asks for it (usually after library initialisation for
27 * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
28 * temporarily when the library thinks that certain allocations should not be
29 * checked (e.g. the data structures used for memory checking). It is not
30 * suitable as an initial state: the library will unexpectedly enable memory
31 * checking when it executes one of those sections that want to disable
32 * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
33 * no sense whatsoever.
34 */
35 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
36 static int mh_mode = CRYPTO_MEM_CHECK_OFF;
37 #endif
38
39 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
40 static unsigned long order = 0; /* number of memory requests */
41
42 /*-
43 * For application-defined information (static C-string `info')
44 * to be displayed in memory leak list.
45 * Each thread has its own stack. For applications, there is
46 * OPENSSL_mem_debug_push("...") to push an entry,
47 * OPENSSL_mem_debug_pop() to pop an entry,
48 */
49 struct app_mem_info_st {
50 CRYPTO_THREAD_ID threadid;
51 const char *file;
52 int line;
53 const char *info;
54 struct app_mem_info_st *next; /* tail of thread's stack */
55 int references;
56 };
57
58 static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
59 CRYPTO_RWLOCK *memdbg_lock;
60 static CRYPTO_RWLOCK *long_memdbg_lock;
61 static CRYPTO_THREAD_LOCAL appinfokey;
62
63 /* memory-block description */
64 struct mem_st {
65 void *addr;
66 int num;
67 const char *file;
68 int line;
69 CRYPTO_THREAD_ID threadid;
70 unsigned long order;
71 time_t time;
72 APP_INFO *app_info;
73 #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
74 void *array[30];
75 size_t array_siz;
76 #endif
77 };
78
79 /*
80 * hash-table of memory requests (address as * key); access requires
81 * long_memdbg_lock lock
82 */
83 static LHASH_OF(MEM) *mh = NULL;
84
85 /* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
86 static unsigned int num_disable = 0;
87
88 /*
89 * Valid iff num_disable > 0. long_memdbg_lock is locked exactly in this
90 * case (by the thread named in disabling_thread).
91 */
92 static CRYPTO_THREAD_ID disabling_threadid;
93
DEFINE_RUN_ONCE_STATIC(do_memdbg_init)94 DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
95 {
96 memdbg_lock = CRYPTO_THREAD_lock_new();
97 long_memdbg_lock = CRYPTO_THREAD_lock_new();
98 if (memdbg_lock == NULL || long_memdbg_lock == NULL
99 || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
100 CRYPTO_THREAD_lock_free(memdbg_lock);
101 memdbg_lock = NULL;
102 CRYPTO_THREAD_lock_free(long_memdbg_lock);
103 long_memdbg_lock = NULL;
104 return 0;
105 }
106 return 1;
107 }
108
app_info_free(APP_INFO * inf)109 static void app_info_free(APP_INFO *inf)
110 {
111 if (inf == NULL)
112 return;
113 if (--(inf->references) <= 0) {
114 app_info_free(inf->next);
115 OPENSSL_free(inf);
116 }
117 }
118 #endif
119
CRYPTO_mem_ctrl(int mode)120 int CRYPTO_mem_ctrl(int mode)
121 {
122 #ifdef OPENSSL_NO_CRYPTO_MDEBUG
123 return mode - mode;
124 #else
125 int ret = mh_mode;
126
127 if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
128 return -1;
129
130 CRYPTO_THREAD_write_lock(memdbg_lock);
131 switch (mode) {
132 default:
133 break;
134
135 case CRYPTO_MEM_CHECK_ON:
136 mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
137 num_disable = 0;
138 break;
139
140 case CRYPTO_MEM_CHECK_OFF:
141 mh_mode = 0;
142 num_disable = 0;
143 break;
144
145 /* switch off temporarily (for library-internal use): */
146 case CRYPTO_MEM_CHECK_DISABLE:
147 if (mh_mode & CRYPTO_MEM_CHECK_ON) {
148 CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
149 /* see if we don't have long_memdbg_lock already */
150 if (!num_disable
151 || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
152 /*
153 * Long-time lock long_memdbg_lock must not be claimed
154 * while we're holding memdbg_lock, or we'll deadlock
155 * if somebody else holds long_memdbg_lock (and cannot
156 * release it because we block entry to this function). Give
157 * them a chance, first, and then claim the locks in
158 * appropriate order (long-time lock first).
159 */
160 CRYPTO_THREAD_unlock(memdbg_lock);
161 /*
162 * Note that after we have waited for long_memdbg_lock and
163 * memdbg_lock, we'll still be in the right "case" and
164 * "if" branch because MemCheck_start and MemCheck_stop may
165 * never be used while there are multiple OpenSSL threads.
166 */
167 CRYPTO_THREAD_write_lock(long_memdbg_lock);
168 CRYPTO_THREAD_write_lock(memdbg_lock);
169 mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
170 disabling_threadid = cur;
171 }
172 num_disable++;
173 }
174 break;
175
176 case CRYPTO_MEM_CHECK_ENABLE:
177 if (mh_mode & CRYPTO_MEM_CHECK_ON) {
178 if (num_disable) { /* always true, or something is going wrong */
179 num_disable--;
180 if (num_disable == 0) {
181 mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
182 CRYPTO_THREAD_unlock(long_memdbg_lock);
183 }
184 }
185 }
186 break;
187 }
188 CRYPTO_THREAD_unlock(memdbg_lock);
189 return ret;
190 #endif
191 }
192
193 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
194
mem_check_on(void)195 static int mem_check_on(void)
196 {
197 int ret = 0;
198 CRYPTO_THREAD_ID cur;
199
200 if (mh_mode & CRYPTO_MEM_CHECK_ON) {
201 if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
202 return 0;
203
204 cur = CRYPTO_THREAD_get_current_id();
205 CRYPTO_THREAD_read_lock(memdbg_lock);
206
207 ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
208 || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
209
210 CRYPTO_THREAD_unlock(memdbg_lock);
211 }
212 return ret;
213 }
214
mem_cmp(const MEM * a,const MEM * b)215 static int mem_cmp(const MEM *a, const MEM *b)
216 {
217 #ifdef _WIN64
218 const char *ap = (const char *)a->addr, *bp = (const char *)b->addr;
219 if (ap == bp)
220 return 0;
221 else if (ap > bp)
222 return 1;
223 else
224 return -1;
225 #else
226 return (const char *)a->addr - (const char *)b->addr;
227 #endif
228 }
229
mem_hash(const MEM * a)230 static unsigned long mem_hash(const MEM *a)
231 {
232 size_t ret;
233
234 ret = (size_t)a->addr;
235
236 ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
237 return ret;
238 }
239
240 /* returns 1 if there was an info to pop, 0 if the stack was empty. */
pop_info(void)241 static int pop_info(void)
242 {
243 APP_INFO *current = NULL;
244
245 if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
246 return 0;
247
248 current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
249 if (current != NULL) {
250 APP_INFO *next = current->next;
251
252 if (next != NULL) {
253 next->references++;
254 CRYPTO_THREAD_set_local(&appinfokey, next);
255 } else {
256 CRYPTO_THREAD_set_local(&appinfokey, NULL);
257 }
258 if (--(current->references) <= 0) {
259 current->next = NULL;
260 if (next != NULL)
261 next->references--;
262 OPENSSL_free(current);
263 }
264 return 1;
265 }
266 return 0;
267 }
268
CRYPTO_mem_debug_push(const char * info,const char * file,int line)269 int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
270 {
271 APP_INFO *ami, *amim;
272 int ret = 0;
273
274 if (mem_check_on()) {
275 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
276
277 if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
278 || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
279 goto err;
280
281 ami->threadid = CRYPTO_THREAD_get_current_id();
282 ami->file = file;
283 ami->line = line;
284 ami->info = info;
285 ami->references = 1;
286 ami->next = NULL;
287
288 amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
289 CRYPTO_THREAD_set_local(&appinfokey, ami);
290
291 if (amim != NULL)
292 ami->next = amim;
293 ret = 1;
294 err:
295 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
296 }
297
298 return ret;
299 }
300
CRYPTO_mem_debug_pop(void)301 int CRYPTO_mem_debug_pop(void)
302 {
303 int ret = 0;
304
305 if (mem_check_on()) {
306 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
307 ret = pop_info();
308 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
309 }
310 return ret;
311 }
312
313 static unsigned long break_order_num = 0;
314
CRYPTO_mem_debug_malloc(void * addr,size_t num,int before_p,const char * file,int line)315 void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p,
316 const char *file, int line)
317 {
318 MEM *m, *mm;
319 APP_INFO *amim;
320
321 switch (before_p & 127) {
322 case 0:
323 break;
324 case 1:
325 if (addr == NULL)
326 break;
327
328 if (mem_check_on()) {
329 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
330
331 if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
332 || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
333 OPENSSL_free(addr);
334 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
335 return;
336 }
337 if (mh == NULL) {
338 if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) {
339 OPENSSL_free(addr);
340 OPENSSL_free(m);
341 addr = NULL;
342 goto err;
343 }
344 }
345
346 m->addr = addr;
347 m->file = file;
348 m->line = line;
349 m->num = num;
350 m->threadid = CRYPTO_THREAD_get_current_id();
351
352 if (order == break_order_num) {
353 /* BREAK HERE */
354 m->order = order;
355 }
356 m->order = order++;
357 # ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
358 m->array_siz = backtrace(m->array, OSSL_NELEM(m->array));
359 # endif
360 m->time = time(NULL);
361
362 amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
363 m->app_info = amim;
364 if (amim != NULL)
365 amim->references++;
366
367 if ((mm = lh_MEM_insert(mh, m)) != NULL) {
368 /* Not good, but don't sweat it */
369 if (mm->app_info != NULL) {
370 mm->app_info->references--;
371 }
372 OPENSSL_free(mm);
373 }
374 err:
375 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
376 }
377 break;
378 }
379 return;
380 }
381
CRYPTO_mem_debug_free(void * addr,int before_p,const char * file,int line)382 void CRYPTO_mem_debug_free(void *addr, int before_p,
383 const char *file, int line)
384 {
385 MEM m, *mp;
386
387 switch (before_p) {
388 case 0:
389 if (addr == NULL)
390 break;
391
392 if (mem_check_on() && (mh != NULL)) {
393 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
394
395 m.addr = addr;
396 mp = lh_MEM_delete(mh, &m);
397 if (mp != NULL) {
398 app_info_free(mp->app_info);
399 OPENSSL_free(mp);
400 }
401
402 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
403 }
404 break;
405 case 1:
406 break;
407 }
408 }
409
CRYPTO_mem_debug_realloc(void * addr1,void * addr2,size_t num,int before_p,const char * file,int line)410 void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
411 int before_p, const char *file, int line)
412 {
413 MEM m, *mp;
414
415 switch (before_p) {
416 case 0:
417 break;
418 case 1:
419 if (addr2 == NULL)
420 break;
421
422 if (addr1 == NULL) {
423 CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line);
424 break;
425 }
426
427 if (mem_check_on()) {
428 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
429
430 m.addr = addr1;
431 mp = lh_MEM_delete(mh, &m);
432 if (mp != NULL) {
433 mp->addr = addr2;
434 mp->num = num;
435 #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
436 mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array));
437 #endif
438 (void)lh_MEM_insert(mh, mp);
439 }
440
441 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
442 }
443 break;
444 }
445 return;
446 }
447
448 typedef struct mem_leak_st {
449 int (*print_cb) (const char *str, size_t len, void *u);
450 void *print_cb_arg;
451 int chunks;
452 long bytes;
453 } MEM_LEAK;
454
print_leak(const MEM * m,MEM_LEAK * l)455 static void print_leak(const MEM *m, MEM_LEAK *l)
456 {
457 char buf[1024];
458 char *bufp = buf;
459 size_t len = sizeof(buf), ami_cnt;
460 APP_INFO *amip;
461 int n;
462 struct tm *lcl = NULL;
463 /*
464 * Convert between CRYPTO_THREAD_ID (which could be anything at all) and
465 * a long. This may not be meaningful depending on what CRYPTO_THREAD_ID is
466 * but hopefully should give something sensible on most platforms
467 */
468 union {
469 CRYPTO_THREAD_ID tid;
470 unsigned long ltid;
471 } tid;
472 CRYPTO_THREAD_ID ti;
473
474 lcl = localtime(&m->time);
475 n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
476 lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
477 if (n <= 0) {
478 bufp[0] = '\0';
479 return;
480 }
481 bufp += n;
482 len -= n;
483
484 n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
485 m->order, m->file, m->line);
486 if (n <= 0)
487 return;
488 bufp += n;
489 len -= n;
490
491 tid.ltid = 0;
492 tid.tid = m->threadid;
493 n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid);
494 if (n <= 0)
495 return;
496 bufp += n;
497 len -= n;
498
499 n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr);
500 if (n <= 0)
501 return;
502 bufp += n;
503 len -= n;
504
505 l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
506
507 l->chunks++;
508 l->bytes += m->num;
509
510 amip = m->app_info;
511 ami_cnt = 0;
512
513 if (amip) {
514 ti = amip->threadid;
515
516 do {
517 int buf_len;
518 int info_len;
519
520 ami_cnt++;
521 if (ami_cnt >= sizeof(buf) - 1)
522 break;
523 memset(buf, '>', ami_cnt);
524 buf[ami_cnt] = '\0';
525 tid.ltid = 0;
526 tid.tid = amip->threadid;
527 n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
528 " thread=%lu, file=%s, line=%d, info=\"",
529 tid.ltid, amip->file, amip->line);
530 if (n <= 0)
531 break;
532 buf_len = ami_cnt + n;
533 info_len = strlen(amip->info);
534 if (128 - buf_len - 3 < info_len) {
535 memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
536 buf_len = 128 - 3;
537 } else {
538 n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s",
539 amip->info);
540 if (n < 0)
541 break;
542 buf_len += n;
543 }
544 n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
545 if (n <= 0)
546 break;
547
548 l->print_cb(buf, buf_len + n, l->print_cb_arg);
549
550 amip = amip->next;
551 }
552 while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti));
553 }
554
555 #ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
556 {
557 size_t i;
558 char **strings = backtrace_symbols(m->array, m->array_siz);
559
560 for (i = 0; i < m->array_siz; i++)
561 fprintf(stderr, "##> %s\n", strings[i]);
562 free(strings);
563 }
564 #endif
565 }
566
567 IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
568
CRYPTO_mem_leaks_cb(int (* cb)(const char * str,size_t len,void * u),void * u)569 int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
570 void *u)
571 {
572 MEM_LEAK ml;
573
574 /* Ensure all resources are released */
575 OPENSSL_cleanup();
576
577 if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
578 return -1;
579
580 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
581
582 ml.print_cb = cb;
583 ml.print_cb_arg = u;
584 ml.bytes = 0;
585 ml.chunks = 0;
586 if (mh != NULL)
587 lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
588
589 if (ml.chunks != 0) {
590 char buf[256];
591
592 BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n",
593 ml.bytes, ml.chunks);
594 cb(buf, strlen(buf), u);
595 } else {
596 /*
597 * Make sure that, if we found no leaks, memory-leak debugging itself
598 * does not introduce memory leaks (which might irritate external
599 * debugging tools). (When someone enables leak checking, but does not
600 * call this function, we declare it to be their fault.)
601 */
602 int old_mh_mode;
603
604 CRYPTO_THREAD_write_lock(memdbg_lock);
605
606 /*
607 * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
608 * mem_check_on
609 */
610 old_mh_mode = mh_mode;
611 mh_mode = CRYPTO_MEM_CHECK_OFF;
612
613 lh_MEM_free(mh);
614 mh = NULL;
615
616 mh_mode = old_mh_mode;
617 CRYPTO_THREAD_unlock(memdbg_lock);
618 }
619 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
620
621 /* Clean up locks etc */
622 CRYPTO_THREAD_cleanup_local(&appinfokey);
623 CRYPTO_THREAD_lock_free(memdbg_lock);
624 CRYPTO_THREAD_lock_free(long_memdbg_lock);
625 memdbg_lock = NULL;
626 long_memdbg_lock = NULL;
627
628 return ml.chunks == 0 ? 1 : 0;
629 }
630
print_bio(const char * str,size_t len,void * b)631 static int print_bio(const char *str, size_t len, void *b)
632 {
633 return BIO_write((BIO *)b, str, len);
634 }
635
CRYPTO_mem_leaks(BIO * b)636 int CRYPTO_mem_leaks(BIO *b)
637 {
638 /*
639 * OPENSSL_cleanup() will free the ex_data locks so we can't have any
640 * ex_data hanging around
641 */
642 bio_free_ex_data(b);
643
644 return CRYPTO_mem_leaks_cb(print_bio, b);
645 }
646
647 # ifndef OPENSSL_NO_STDIO
CRYPTO_mem_leaks_fp(FILE * fp)648 int CRYPTO_mem_leaks_fp(FILE *fp)
649 {
650 BIO *b;
651 int ret;
652
653 /*
654 * Need to turn off memory checking when allocated BIOs ... especially as
655 * we're creating them at a time when we're trying to check we've not
656 * left anything un-free()'d!!
657 */
658 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
659 b = BIO_new(BIO_s_file());
660 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
661 if (b == NULL)
662 return -1;
663 BIO_set_fp(b, fp, BIO_NOCLOSE);
664 ret = CRYPTO_mem_leaks_cb(print_bio, b);
665 BIO_free(b);
666 return ret;
667 }
668 # endif
669
670 #endif
671