[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS leaks a file descriptor in _gnutls_psk_pwd_find_entry()
|
From: |
Simon Josefsson |
|
Subject: |
Re: GnuTLS leaks a file descriptor in _gnutls_psk_pwd_find_entry() |
|
Date: |
Thu, 03 Apr 2008 10:00:44 +0200 |
|
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
Laurence Withers <address@hidden> writes:
> Hi,
>
> I've found that GnuTLS leaks a file descriptor in
> _gnutls_psk_pwd_find_entry() (from src/lib/auth_psk_pwd.c) . On line
> 175, we see a call to open a file:
>
> FILE* fd;
> /* ... */
> fd = fopen (cred->password_file, "r");
>
> However, there is no associated call to fclose. The attached patch,
> against version 2.2.2, adds a call to fclose() in each of the possible
> exit paths.
>
> I have tested it with the application in which I noticed the leak; the
> leak no longer occurs. The patch also applies cleanly against 2.3.4,
> although I did not perform a runtime test.
Hi! Thanks for the report, I applied the patch both to gnutls_2_2_x and
master.
Thanks,
/Simon
> Bye for now,
> --
> Laurence Withers, <address@hidden> -- jabber:address@hidden
> http://www.lwithers.me.uk/ tel:+447753988197
>
> --- gnutls-2.2.2/lib/auth_psk_passwd.c.old 2008-04-02 18:00:52.000000000
> +0000
> +++ gnutls-2.2.2/lib/auth_psk_passwd.c 2008-04-02 18:01:35.000000000
> +0000
> @@ -195,11 +195,14 @@
> if (ret < 0)
> {
> gnutls_assert ();
> + fclose (fd);
> return GNUTLS_E_SRP_PWD_ERROR;
> }
> + fclose (fd);
> return 0;
> }
> }
> + fclose (fd);
>
> /* user was not found. Fake him.
> * the last index found and randomize the entry.
>
> _______________________________________________
> Gnutls-devel mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/gnutls-devel