[gnutls-devel] memory leak within p11-kit from gnutls_pkcs11_init()

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 16 06:38:04 CET 2013

hi gnutls folks--

There are a couple per-process memory leaks in gnutls's pkcs11 stack.
I've just committed a fix for them to the gnutls master branch:

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index ecddf99..68f8bd9 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -625,6 +625,7 @@ gnutls_pkcs11_deinit (void)
       if (providers[i].initialized)
         p11_kit_finalize_module (providers[i].module);
+      gnutls_free (providers[i].slots);
   active_providers = 0;
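Review bot: After gnutls_free (providers[i].slots) in the provider loop, providers[i].slots is left pointing at freed memory. Resetting it in the same place (providers[i].slots = NULL;) would keep a later init/deinit cycle in the same process from freeing or reading the stale pointer. As shown, the free also sits at the same indentation as the if (providers[i].initialized) test rather than under it, so it is worth confirming that slots is always either NULL or a live allocation for providers that were never initialized.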
@@ -634,6 +635,8 @@ gnutls_pkcs11_deinit (void)
   gnutls_pkcs11_set_pin_function (NULL, NULL);
   gnutls_pkcs11_set_token_function (NULL, NULL);
+  p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
+                                   NULL);
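
Review bot: The p11_kit_pin_unregister_callback call at the end of gnutls_pkcs11_deinit only works if its three arguments (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, NULL) mirror the registration exactly, and that registration is not visible in this hunk. A one-line comment naming the matching register call would keep the pair in sync if either side changes. The call is also unconditional here, so please confirm that deinit without a prior successful init (or a second deinit) cannot unregister a callback that this library did not register.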

These are not of high importance -- they're per library load, not
per-TLS session; and only when PKCS#11 is enabled (and even then one of
them only leaks when there are actually PKCS#11 modules configured).
But cleaning up minor memory leaks like this should make it easier to
hunt down other memory leaks without them being lost in the noise.

Nikos, I'm not sure if this commit was verbose enough, or if you want me
to commit a comparable fix to the gnutls_3_0_x-2 or gnutls_2_12_x
branches.  Please let me know if you'd like me to do so, or if you have
any other concerns about the commit.

