Package: libneon27-gnutls Version: 0.29.6-3 Severity: normal Dear Maintainer,
when libneon27-gnutls is used to connect to a HTTPS-sever it leaks about 4 KB of memeory every time the connection is closed. This bug was discovered by a user of davfs2 which - when running for a long time - finally allocated all of real memory and started swaping. (http://savannah.nongnu.org/support/?108158) The bug can be reproduced more easy using cadaver and valgrind, like $ valgrind --trace-children=yes --leak-check=full --log-file=<log-file> <https-url> After connecting and issuing some commands at the cadaver-UI the log file will show entries like this ==3660== 4,281 bytes in 1 blocks are definitely lost in loss record 65 of 69 ==3660== at 0x40283EE: realloc (vg_replace_malloc.c:632) ==3660== by 0x42AAB0B: ??? (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4) ==3660== by 0x42AB8D7: _gnutls_buffer_append_data_prefix (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4) ==3660== by 0x429BDFA: ??? (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4) ==3660== by 0x429715F: gnutls_session_get_data2 (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4) ==3660== by 0x40BABD8: ne_sock_connect_ssl (ne_socket.c:1804) ==3660== by 0x40C5E25: ne__negotiate_ssl (ne_gnutls.c:933) ==3660== by 0x40B1D65: send_request.isra.6 (ne_request.c:1650) ==3660== by 0x40B2683: ne_begin_request (ne_request.c:1189) ==3660== by 0x40B1C04: ne_request_dispatch (ne_request.c:1400) ==3660== by 0x804D999: ??? (in /usr/bin/cadaver) ==3660== by 0x40E8E65: (below main) (libc-start.c:244) The reason is that neon uses ne_free for memory allocated by gnutls instead of gnutls_free. The bug was already reported upstream (http://lists.manyfish.co.uk/pipermail/neon/2014-July/001570.html) but the upstream maintainer did not yet respond. This patch by Patrick Ohly fixes the problem: src/ne_gnutls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c index 08d78cc..485b9de 100644 --- a/src/ne_gnutls.c +++ b/src/ne_gnutls.c @@ -694,7 +694,11 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx) { gnutls_certificate_free_credentials(ctx->cred); if (ctx->cache.client.data) { +#if defined(HAVE_GNUTLS_SESSION_GET_DATA2) + gnutls_free(ctx->cache.client.data); +#else ne_free(ctx->cache.client.data); +#endif } else if (ctx->cache.server.key.data) { gnutls_free(ctx->cache.server.key.data); gnutls_free(ctx->cache.server.data.data); Cheers Werner -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libneon27-gnutls depends on: ii libc6 2.13-38+deb7u3 ii libcomerr2 1.42.5-1.1 ii libgnutls26 2.12.20-8+deb7u2 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 ii libk5crypto3 1.10.1+dfsg-5+deb7u1 ii libkrb5-3 1.10.1+dfsg-5+deb7u1 ii libxml2 2.8.0+dfsg1-7+wheezy1 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages libneon27-gnutls recommends: ii ca-certificates 20130119 libneon27-gnutls suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
