TLS1.2 handshake leaks memory #109

Open
maxtropets opened this issue Feb 27, 2025 · 1 comment

Comments


maxtropets commented Feb 27, 2025

Following microsoft/SymCrypt#44, we've also found another leak in the TLS handshake; more details are in microsoft/CCF#6862.

TL;DR - when connecting to our TLS server explicitly using TLS1.2 on a client, the server leaks after a handshake somewhere inside libcrypto.

We don't have a minimalistic repro example at the moment, but in any case a leak here sounds like an issue.

In case TLS1.2 is deprecated, the backend probably should either fail a handshake or handle memory cleanup correctly.

We also suspect that specifying a particular protocol version on a client may cause this, but we have no real proof for that.

@maxtropets

Adding a pointer to the TLS context we use: https://github.com/microsoft/CCF/blob/main/src/tls/context.h#L98, just in case.

@samuel-lee-msft samuel-lee-msft transferred this issue from microsoft/SymCrypt Feb 27, 2025