Memory leak: TSS2_TCTI_CONTEXT and TSS2_SYS_CONTEXT never get released

[liuqun]

Memory leaks after every "C_OpenSession()/C_CloseSession()" or "session_init()/session_close()" invocation pair:

tpm2-pk11/src/pk11.c

Lines 66 to 76 in 801f8e6

	CK_RV C_OpenSession(CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR application, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR session) {
	print_log(VERBOSE, "C_OpenSession: id = %d, flags = %x", id, flags);
	*session = (unsigned long) malloc(sizeof(struct session));
	if ((void*) *session == NULL)
	return CKR_GENERAL_ERROR;
	int ret = session_init((struct session*) *session, &pk11_config);
	return ret != 0 ? CKR_GENERAL_ERROR : CKR_OK;
	}

tpm2-pk11/src/pk11.c

Lines 77 to 82 in 801f8e6

	CK_RV C_CloseSession(CK_SESSION_HANDLE session_handle) {
	print_log(VERBOSE, "C_CloseSession: session = %x", session_handle);
	session_close(get_session(session_handle));
	free(get_session(session_handle));
	return CKR_OK;
	}

Reason:
In session_init(), tcti_ctx and session->context is assigned with calloc():

tpm2-pk11/src/sessions.c

Line 75 in 3b93c1e

tcti_ctx = (TSS2_TCTI_CONTEXT*) calloc(1, size);

tpm2-pk11/src/sessions.c

Line 108 in 3b93c1e

session->context = (TSS2_SYS_CONTEXT*) calloc(1, size);

Currently after session_close()/Tss2_Sys_Finalize() is called, both the TSS2_TCTI_CONTEXT and TSS2_SYS_CONTEXT will never get released.

tpm2-pk11/src/sessions.c

Lines 135 to 139 in 3b93c1e

	void session_close(struct session* session) {
	object_free(session->objects);
	Tss2_Sys_Finalize(session->context);
	open_sessions--;
	}

---

see: https://github.com/tpm2-software/tpm2-tss/blob/master/sysapi/sysapi/Tss2_Sys_Finalize.c

TSS2_RC Tss2_Sys_Finalize(
    TSS2_SYS_CONTEXT *sysContext)
{
    return TSS2_RC_SUCCESS;
}

libsapi and libtcti functions require us to provided pre-allocated TSS2_TCTI_CONTEXT and TSS2_SYS_CONTEXT memory block from the caller side. And their finalize-functions will leave the caller's pre-allocated memory storage unreleased as designed.

Standard APIs

• Tss2_Sys_Initialize(sysContext, size, tctiContext, &abi_version)
• Tss2_Sys_Finalize(sysContext)
• Tss2_Tcti_Device_Init(), Tss2_Tcti_Mssim_Init() , Tss2_Tcti_Tabrmd_Init()
• Tss2_Tcti_Finalize(tctiContext)

Legacy APIs

• deprecated tss2_tcti_finalize(tctiContext)
• deprecated InitSocketTcti(tctiContext, &size, &socket_conf, 0)
• deprecated InitDeviceTcti(tctiContext, &size, &conf)
• deprecated tss2_tcti_tabrmd_init(tctiContext, &size)

[liuqun]

PATCH CODE

void session_close(struct session* session) {
  TSS2_TCTI_CONTEXT *tcti_ctx;

  object_free(session->objects);

  tcti_ctx = NULL;
  if (Tss2_Sys_GetTctiContext(session->context, &tcti_ctx) != TSS2_RC_SUCCESS) {
    tcti_ctx = NULL;
  }

  Tss2_Sys_Finalize(session->context);
  free(session->context);
  session->context = NULL;

  if (tcti_ctx) {
    Tss2_Tcti_Finalize(tcti_ctx);
    free(tcti_ctx);
    tcti_ctx = NULL;
  }

  open_sessions--;
}

Note: Old stable 1.x branch of TSS currently does not support Tss2_Tcti_Finalize() yet. We need to define it ourselves. The following code implements Tss2_Tcti_Finalize() though an inline function.

/* Micro Tss2_Tcti_Finalize was introduced since 2017-11-20 commit: https://github.com/tpm2-software/tpm2-tss/commit/930b5c1f8feeb13bec29a36c8a5753fb15e27cf6
 * Formerly, the micro was named in lower case tss2_tcti_finalize in sapi/tss2_tcti.h
 * The Camel_Case macro "Tss2_Tcti_Finalize()" should be used in the future instead of the deprecated lower_case one.
 * Here is a patch for branch 1.x of tpm2-tss
 */
#ifndef Tss2_Tcti_Finalize
inline void Tss2_Tcti_Finalize(TSS2_TCTI_CONTEXT *tcti_ctx) {
    TSS2_TCTI_FINALIZE_FCN finalize_func_ptr = NULL;
    if (!tcti_ctx || TSS2_TCTI_VERSION(tcti_ctx) < 1) {
        return;
    }
    finalize_func_ptr = TSS2_TCTI_FINALIZE(tcti_ctx);
    if (!finalize_func_ptr) {
        return;
    }
    finalize_func_ptr(tcti_ctx);
}
#endif