[gnutls-help] Issues with both gnutls 3.3.0 and 3.3.1

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Apr 27 18:57:16 CEST 2014

On Sat, 2014-04-26 at 10:42 +0200, Martin Kletzander wrote:
> On Tue, Apr 22, 2014 at 04:01:20PM +0200, Martin Kletzander wrote:
> >Hello,
> >
> >I recently upgraded to gnutls-3.3.0 (from 3.2.13) and found out that
> >there are 2 FDs leaked (read-only, pointing to /dev/urandom) into some
> >processes.  Looking at the code it looks like there should be
> >FD_CLOEXEC set, but it leaks through anyway.  The backtrace when
> >opening those files is:
> I've gone through bisecting the repo and found out the first bad
> commit is this one:
> commit d5d302e278c3a813994f3fe3026f3990fd6a23d9
> Author: Nikos Mavrogiannopoulos <nmav at gnutls.org>
> Date:   Sat Nov 30 19:08:38 2013 +0100
>     constructor and destructors were moved outside the FIPS140 mode.

This effectively moved gnutls_global_init() and _deinit() to library
constructor and destructor respectively. That means that any descriptors
will be left open until the library is unloaded.

The fact though that there are 2 descriptors open seems like a bug. I'll
check it.
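
An added example, not part of the original message or of the GnuTLS sources: a small C check that counts how many descriptors in the current process are open on /dev/urandom and how many of them lack FD_CLOEXEC. The names `scan_fds_for` and `struct fd_report` are hypothetical, and the scan assumes a POSIX system.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct fd_report {
    int total;        /* descriptors referring to the target file */
    int inheritable;  /* of those, how many lack FD_CLOEXEC */
};

/* Scan this process's descriptor table for descriptors open on `path`.
 * Returns 0 on success, -1 if `path` cannot be stat()ed. */
static int scan_fds_for(const char *path, struct fd_report *out)
{
    struct stat target, st;
    long max = sysconf(_SC_OPEN_MAX);

    out->total = out->inheritable = 0;
    if (stat(path, &target) != 0)
        return -1;
    if (max < 0 || max > 65536)
        max = 65536;                    /* keep the scan bounded */

    for (int fd = 0; fd < max; fd++) {
        if (fstat(fd, &st) != 0)
            continue;                   /* fd is not open */
        if (st.st_dev != target.st_dev || st.st_ino != target.st_ino)
            continue;                   /* open, but on a different file */
        int flags = fcntl(fd, F_GETFD);
        if (flags < 0)
            continue;
        out->total++;
        if (!(flags & FD_CLOEXEC))
            out->inheritable++;         /* would survive an exec() */
    }
    return 0;
}

int main(void)
{
    struct fd_report r;
    if (scan_fds_for("/dev/urandom", &r) != 0) {
        perror("stat");
        return 1;
    }
    printf("/dev/urandom: %d open, %d without FD_CLOEXEC\n",
           r.total, r.inheritable);
    return 0;
}
```

Calling `scan_fds_for` from a program after the library has been loaded, and again in a child after fork(), shows which descriptors are present in each process; FD_CLOEXEC only closes them on exec(), not on fork().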

