Memory leaks are observed for libgnutls in multi-thread mode

Thu Oct 29 09:15:51 CET 2009

Indeed. However I plan to fix the case for client certificate as well,
in the next few days.

regards,
Nikos

2009/10/29 tangtong <tang__tong at hotmail.com>:
> Hi,Nikos
> I have rebuilt the lib with the latest daily snap shot and the GIT snapshot
> commited by you, the memory leak and core issue have been resolved.
>
> One more question: in your commit comments:
> "3. In TLS 1.2 when a certificate request is sent, support is not complete.
> In that case abort the handshake. By checking
> TLS 1.2 it seems that the algorithms to be used for the signature in the
> certificate verify message are negotiated not at
> the client/server hello messages but rather selected by the server at the
> certificate request. This might not look as bad, but since in this message
> we have to sign all previous handshake messages, it forces us to keep all
> the handshake messages into a buffer until this point... I don't know who
> proposed this change to the TLS WG, but it seems it wasn't really thought
> of."
>
> If client certificate is not needed, the current implemenation can support
> TLS1.2, right?
>
> Regards
> Tony
>
>
> ________________________________
> ! From: tang__tong at hotmail.com
> To: nmav at gnutls.org
> Date: Mon, 26 Oct 2009 01:35:35 +0000
> CC: simon at josefsson.org; help-gnutls at gnu.org
> Subject: RE: Memory leaks are observed for libgnutls in multi-thread mode
>
> Hi,Nikos
> I have reproduced the core dump with the server/client in the attach. If not
> using the memory-leak patch, the core will not happen.
>
> Regards
> Tony
>
> ________________________________
> From: tang__tong at hotmail.com
> To: nmav at gnutls.org
> Date: Fri, 23 Oct 2009 14:28:50 +0000
> CC: simon at josefsson.org; help-gnutls at gnu.org
> Subject: RE: Memory leaks are observed for libgnutls in multi-thread mode
>
> Hi,Nikos
>
> The server is implemented by myself with gnutls2.9.4 and your patch. To make
> investigation easy, I will build a simplified server based on gnutls demo
> server codes and let you know the results later.
>
>
> Regards
> Tony
>
>
>> Date: Fri, 23 Oct 2009 10:38:20 +0300
>> Subject: Re: Memory leaks are observed for libgnutls in multi-thread mode
>> From: nmav at gnutls.org
>> To: tang__tong at hotmail.com
>> CC: simon at josefsson.org; help-gnutls at gnu.org
>>
>> Thanks. However in order to reproduce it I need to know to which
>> server you connect to and which options does this server use?
>>
>> 2009/10/23 tangtong <tang__tong at hotmail.com>:
>> > Hi,Nikos
>> >
>> > The gnutls-cli built by me will core when I enable TLS1.2. I think the
>> > code
>> > base I use is a little diffent from what you are using. The following is
>> > my
>> > steps to setup the build enviorment:
>> > 1)Download a gnutls releaes package 2.8.3 and decompress it;
>> > 2)Download 2.9.4 snap shot and uncompress it to the directory created in
>> > the
>> > step 1);
>> > 3)Run patch you provide.
>> >
> ! > > Seems only snapshot of 2.9.4 is not the whole build env, that's why i
>> > decompress it to a build enviorment of 2.8.3.
>> >
>> > Regards
>> > Tony
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >> Date: Thu, 22 Oct 2009 19:31:02 +0300
>> >> From: nmav at gnutls.org
>> >> To: tang__tong at hotmail.com
>> >> CC: simon at josefsson.org; help-gnutls at gnu.org
>> >> Subject: Re: Memory leaks are observed for libgnutls in multi-thread
>> >> mode
>> >>
>> >> tangtong wrote:
>> >> > Hi,Nikos
>> >>
>> >> > 2)The patch doesn't support
>> >> > "NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA256:+COMP-NULL", I t! hink
>> >> > your
>> >> > patch disable the tls1.2 support, it will core with the following
>> >> > dump
>> >> > info:
>> >> > fe9a2bb8 _gcry_m! d_copy (ffbff33c, 0, 0, febc6ed0, 14f8, fed3805c) +
>> >> > 4
>> >> > feca8dfc _gnutls_hash_copy (ffbff338, 365c4, 0, 0, 0, 0) + 80
>> >> > fec9e0fc _gnutls_finished (36180, 2, ffbff440, 1, 6, 0) + 84
>> >> > fec9edc0 _gnutls_send_handshake_final (0, 0, 0, e, e, 4) + 128
>> >> > feca2548 _gnutls_handshake_common (36180, 0, 10, 4, ffffffe0,
>> >> > ffbff551)
>> >> > + 30
>> >> > feca382c gnutls_handshake (0, 4, 32fc8, 8e8, 17ac, ffbff5c4) + 60
>> >> > 000119bc main (1, ffbffa54, ffbffa5c, 22508, 0, 0) + 118
>> >> > 000112c8 _start (0, 0, 0, 0, 0, 0) + 5c
>> >>
>> >> Can you send me information on how I can reproduce this issue? I can
>> >> use
>> >> ./gnutls-cli tls.secg.org --priority
>> >> "NONE:+VERS-TLS1.2:+AES-128-CBC:+RSA:+DHE-DSS:+SHA256:+COMP-NULL" to
>> >> connect using TLS1.2 without any issues.>
>> >> regards,
>> >> Nikos
>> >
>> > ___________________! _____________
>> > 全新 Windows 7：寻找最适合您的 PC。 了解详情。
>
> ________________________________
> Messenger保护盾2.0，更安全可靠的Messenger聊天！ 现在就下载！
> ________________________________
> Messenger保护盾2.0，更安全可靠的Messenger聊天！ 现在就下载！
> ________________________________
> 全新 Windows 7：寻找最适合您的 PC。 了解详情。