On Sat, 2014-04-26 at 10:42 +0200, Martin Kletzander wrote:
> On Tue, Apr 22, 2014 at 04:01:20PM +0200, Martin Kletzander wrote:
> >Hello,
> >
> >I recently upgraded to gnutls-3.3.0 (from 3.2.13) and found out that
> >there are 2 FDs leaked (read-only, pointing to /dev/urandom) into some
> >processes. Looking at the code it looks like there should be
> >FD_CLOEXEC set, but it leaks through anyway. The backtrace when
> >opening those files is:
>
> I've gone through bisecting the repo and found out the first bad
> commit is this one:
>
> commit d5d302e278c3a813994f3fe3026f3990fd6a23d9
> Author: Nikos Mavrogiannopoulos <[email protected]>
> Date: Sat Nov 30 19:08:38 2013 +0100
>
> constructor and destructors were moved outside the FIPS140 mode.

This effectively moved gnutls_global_init() and _deinit() to library
constructor and destructor respectively. That means that any descriptors
will be left open until the library is unloaded. The fact though that
there are 2 descriptors open seems like a bug. I'll check it.

regards,
Nikos
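
A check for the symptom reported in this thread, as an added example (not GnuTLS code and not written by either poster): it scans the calling process's descriptor table and counts descriptors that refer to a given file and do not have FD_CLOEXEC set. The function name `count_inheritable_fds` and the `SCAN_LIMIT` bound are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define SCAN_LIMIT 65536  /* assumption: upper bound on descriptors scanned */

/* Count descriptors in this process that refer to `path` and lack
 * FD_CLOEXEC, i.e. that would survive execve() into a child program.
 * Returns -1 if `path` cannot be stat()ed. */
int count_inheritable_fds(const char *path)
{
    struct stat want, got;
    long max = sysconf(_SC_OPEN_MAX);
    int leaked = 0;

    if (stat(path, &want) != 0)
        return -1;
    if (max < 0 || max > SCAN_LIMIT)
        max = SCAN_LIMIT;

    for (int fd = 0; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || fstat(fd, &got) != 0)
            continue;                       /* slot not in use */
        /* Match on the same inode, or on the same character device
         * number when the node was opened through another path. */
        int same_inode = got.st_dev == want.st_dev && got.st_ino == want.st_ino;
        int same_chrdev = S_ISCHR(got.st_mode) && S_ISCHR(want.st_mode) &&
                          got.st_rdev == want.st_rdev;
        if (!same_inode && !same_chrdev)
            continue;
        if (!(flags & FD_CLOEXEC)) {
            fprintf(stderr, "fd %d -> %s is inheritable\n", fd, path);
            leaked++;
        }
    }
    return leaked;
}

int main(void)
{
    /* Link against the library under test, or dlopen() it before this call, so its
     * constructor has already run when the descriptor table is scanned. */
    int n = count_inheritable_fds("/dev/urandom");
    printf("inheritable /dev/urandom descriptors: %d\n", n);
    return n > 0;
}
```

A non-zero exit status means at least one matching descriptor would be passed on to any program the process executes.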
