memleak (Re: GnuTLS 2.9.3)

Daiki Ueno ueno at
Thu Aug 20 09:32:41 CEST 2009

>>>>> In <edd1458f-9bfd-4282-9aa6-22d15d61aabe at> 
>>>>>	Daiki Ueno <ueno at> wrote:
> Now I run make check and found several memleaks.  One is in
> cdk_keydb_get_pk, and others are in tests (including session ticket
> test...sorry).

...and yet another one is in libgcrypt.  It seems that dsa_generate_ext
does not release the factors array after copying its elements to modern

It can be reproduced with:

$ valgrind --leak-check=full ./cve-2009-1416

in gnutls/tests/.

Here is a fix:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: memleak.diff
Type: text/x-diff
Size: 407 bytes
Desc: not available
URL: </pipermail/attachments/20090820/32b7a49d/attachment.diff>
-------------- next part --------------

Daiki Ueno

More information about the Gcrypt-devel mailing list