Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. gcrypt
memleak (Re: GnuTLS 2.9.3)
ueno at unixuser
Aug 20, 2009, 12:32 AM
Post #1 of 2 (1036 views)
Permalink
>>>>> In <edd1458f-9bfd-4282-9aa6-22d15d61aabe@broken.deisui.org>
>>>>> Daiki Ueno <ueno@unixuser.org> wrote:
> Now I run make check and found several memleaks. One is in
> cdk_keydb_get_pk, and others are in tests (including session ticket
> test...sorry).

...and yet another one is in libgcrypt. It seems that dsa_generate_ext
does not release the factors array after copying its elements to modern
r_extrainfo.

It can be reproduced with:

$ valgrind --leak-check=full ./cve-2009-1416

in gnutls/tests/.

Here is a fix:

Attached Files:

Re: memleak (Re: GnuTLS 2.9.3) [ In reply to ]
wk at gnupg
Aug 21, 2009, 1:22 AM
Post #2 of 2 (968 views)
Permalink
On Thu, 20 Aug 2009 09:32, ueno@unixuser.org said:

> + gcry_free (*retfactors);
> *retfactors = NULL;

Yeah. Pretty obvious. I fixed in in trunk and 1.4



Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.


_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal