>>>>> In <edd1458f-9bfd-4282-9aa6-22d15d61aabe@broken.deisui.org>
>>>>> Daiki Ueno <ueno@unixuser.org> wrote:
> Now I run make check and found several memleaks. One is in
> cdk_keydb_get_pk, and others are in tests (including session ticket
> test...sorry).
...and yet another one is in libgcrypt. It seems that dsa_generate_ext
does not release the factors array after copying its elements to modern
r_extrainfo.
It can be reproduced with:
$ valgrind --leak-check=full ./cve-2009-1416
in gnutls/tests/.
Here is a fix:
>>>>> Daiki Ueno <ueno@unixuser.org> wrote:
> Now I run make check and found several memleaks. One is in
> cdk_keydb_get_pk, and others are in tests (including session ticket
> test...sorry).
...and yet another one is in libgcrypt. It seems that dsa_generate_ext
does not release the factors array after copying its elements to modern
r_extrainfo.
It can be reproduced with:
$ valgrind --leak-check=full ./cve-2009-1416
in gnutls/tests/.
Here is a fix: