Mailing List Archive: GnuPG: gcrypt

memleak (Re: GnuTLS 2.9.3)

Index | Next | Previous | View Threaded

ueno at unixuser

Aug 20, 2009, 12:32 AM

Post #1 of 2 (721 views)
Permalink

memleak (Re: GnuTLS 2.9.3)

>>>>> In <edd1458f-9bfd-4282-9aa6-22d15d61aabe [at] broken>
>>>>> Daiki Ueno <ueno [at] unixuser> wrote:
> Now I run make check and found several memleaks. One is in
> cdk_keydb_get_pk, and others are in tests (including session ticket
> test...sorry).

...and yet another one is in libgcrypt. It seems that dsa_generate_ext
does not release the factors array after copying its elements to modern
r_extrainfo.

It can be reproduced with:

$ valgrind --leak-check=full ./cve-2009-1416

in gnutls/tests/.

Here is a fix:

Attachments:

memleak.diff (0.40 KB)

wk at gnupg

Aug 21, 2009, 1:22 AM

Post #2 of 2 (665 views)
Permalink

Re: memleak (Re: GnuTLS 2.9.3) [In reply to]

On Thu, 20 Aug 2009 09:32, ueno [at] unixuser said:

> + gcry_free (*retfactors);
> *retfactors = NULL;

Yeah. Pretty obvious. I fixed in in trunk and 1.4

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads