File-descriptor leak in 1.4.0 hkp retrieval

Phil Pennock phil.pennock at globnix.org
Tue Feb 1 16:22:37 CET 2005


Hi,

I think that I've found a file-descriptor leak in the retrieval of keys
via hkp, in keyserver/gpgkeys_hkp.c and verified still present in the
1.4 code, at least as of revision 1.47 (latest in that branch via the
CVSWeb interface, where I double-checked).

I have a shell-script wrapper around a couple of invocations of gpg
which attempts to retrieve all the keys which have signed some keys,
where the keyid isn't already in my public key-ring.  Basically,
a gpg --list-sigs, extract the not-known ones, uniqueify and pass
to --recv-key.

I just used this to retrieve some sigs, which asked for an unexpectedly
high number of keys.  That's my silly fault, but this exposed a
file-descriptor leak in the HKP handling.

-----------------------------< cut here >-------------------------------
gpg: key xxxxxxxx: public key "xxxxxxxxxxxx <xxx at xxxxxx.xxx>" imported
?: subkeys.pgp.net: Host not found
gpgkeys: HKP fetch error: Too many open files
?: subkeys.pgp.net: Host not found
gpgkeys: HKP fetch error: Too many open files
?: subkeys.pgp.net: Host not found
gpgkeys: HKP fetch error: Too many open files
?: subkeys.pgp.net: Host not found
gpgkeys: HKP fetch error: Too many open files
-----------------------------< cut here >-------------------------------

Looking at the code, it seems that in keyserver/gpgkeys_hkp.c in
get_key(), there's a missing call to http_close(&hd) which appears to
belong at the end of the function.

But I'm not a gnupg developer and don't know if this is anywhere near
right.  I've only looked at the code enough to identify what appears to
be a likely candidate (but it doesn't look as though the fd is kept for
persistence ...); sorry if this is a bogus report.

Thanks,
-Phil



More information about the Gnupg-devel mailing list