Your message dated Fri, 01 Aug 2014 17:34:23 +0000
with message-id <[email protected]>
and subject line Bug#756608: fixed in neon27 0.30.0-4
has caused the Debian Bug report #756608,
regarding libneon27-gnutls: Memory leak when using TLS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
756608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756608
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libneon27-gnutls
Version: 0.29.6-3
Severity: normal

Dear Maintainer,

when libneon27-gnutls is used to connect to an HTTPS server it leaks about 4 KB 
of memory every time the connection is closed.

This bug was discovered by a user of davfs2 which - when running for a long 
time - finally allocated all of real memory and started swapping. 
(http://savannah.nongnu.org/support/?108158)

The bug can be reproduced more easily using cadaver and valgrind, like
$ valgrind --trace-children=yes --leak-check=full --log-file=<log-file> cadaver <https-url>
After connecting and issuing some commands at the cadaver-UI the log file will 
show entries like this

==3660== 4,281 bytes in 1 blocks are definitely lost in loss record 65 of 69
==3660==    at 0x40283EE: realloc (vg_replace_malloc.c:632)
==3660==    by 0x42AAB0B: ??? (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4)
==3660==    by 0x42AB8D7: _gnutls_buffer_append_data_prefix (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4)
==3660==    by 0x429BDFA: ??? (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4)
==3660==    by 0x429715F: gnutls_session_get_data2 (in /usr/lib/i386-linux-gnu/libgnutls.so.26.22.4)
==3660==    by 0x40BABD8: ne_sock_connect_ssl (ne_socket.c:1804)
==3660==    by 0x40C5E25: ne__negotiate_ssl (ne_gnutls.c:933)
==3660==    by 0x40B1D65: send_request.isra.6 (ne_request.c:1650)
==3660==    by 0x40B2683: ne_begin_request (ne_request.c:1189)
==3660==    by 0x40B1C04: ne_request_dispatch (ne_request.c:1400)
==3660==    by 0x804D999: ??? (in /usr/bin/cadaver)
==3660==    by 0x40E8E65: (below main) (libc-start.c:244)

The reason is that neon uses ne_free for memory allocated by gnutls instead of 
gnutls_free. The bug was already reported upstream 
(http://lists.manyfish.co.uk/pipermail/neon/2014-July/001570.html) but the 
upstream maintainer has not yet responded.

This patch by Patrick Ohly fixes the problem:

 src/ne_gnutls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 08d78cc..485b9de 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -694,7 +694,11 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
 {
     gnutls_certificate_free_credentials(ctx->cred);
     if (ctx->cache.client.data) {
+#if defined(HAVE_GNUTLS_SESSION_GET_DATA2)
+        gnutls_free(ctx->cache.client.data);
+#else
         ne_free(ctx->cache.client.data);
+#endif
     } else if (ctx->cache.server.key.data) {
         gnutls_free(ctx->cache.server.key.data);
         gnutls_free(ctx->cache.server.data.data);
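
Review bot: the new gnutls_free() in ne_ssl_context_destroy() runs once per context, while the report describes about 4 KB lost each time a connection is closed, with the block allocated through gnutls_session_get_data2 from ne_sock_connect_ssl (ne_socket.c:1804). Please confirm that the code which stores a new value into ctx->cache.client.data releases the previous one with the matching deallocator before overwriting it; that site is not part of this hunk. The #if HAVE_GNUTLS_SESSION_GET_DATA2 test here also has to stay identical to the condition that selects the allocating call, so a short comment naming that call site above the #if would help keep the two in step.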

Cheers
Werner

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libneon27-gnutls depends on:
ii  libc6             2.13-38+deb7u3
ii  libcomerr2        1.42.5-1.1
ii  libgnutls26       2.12.20-8+deb7u2
ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u1
ii  libk5crypto3      1.10.1+dfsg-5+deb7u1
ii  libkrb5-3         1.10.1+dfsg-5+deb7u1
ii  libxml2           2.8.0+dfsg1-7+wheezy1
ii  zlib1g            1:1.2.7.dfsg-13

Versions of packages libneon27-gnutls recommends:
ii  ca-certificates  20130119

libneon27-gnutls suggests no packages.

-- no debconf information

--- End Message ---
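
The ownership rule named in the report above (a buffer handed out by a library is released with that library's own deallocator), shown as an added example that is not neon or GnuTLS code and not part of the original message. It goes beyond the report by also covering the point where a cached session datum is replaced; lib_malloc, lib_free, lib_session_get_data and the store functions are hypothetical stand-ins, and the 4281-byte size is taken from the valgrind record.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the TLS library's allocator pair (hypothetical names, not
 * GnuTLS or neon code). The counter makes a leak measurable in-process. */
static long lib_live_blocks = 0;
static void *lib_malloc(size_t n) { void *p = malloc(n); if (p) lib_live_blocks++; return p; }
static void lib_free(void *p) { if (p) { lib_live_blocks--; free(p); } }

typedef struct { unsigned char *data; size_t size; } datum; /* pointer plus length */

/* Stand-in for a session-data getter: the library allocates the buffer
 * and the caller owns it afterwards. Returns 0 on success. */
static int lib_session_get_data(datum *out, size_t n) {
    out->data = lib_malloc(n);
    if (!out->data) return -1;
    memset(out->data, 0xA5, n);
    out->size = n;
    return 0;
}

/* Leaky store: overwrites the cached datum on every connection. */
static int store_leaky(datum *slot, size_t n) { return lib_session_get_data(slot, n); }

/* Paired store: fetch first, then release the previous datum with the
 * library's own deallocator before taking ownership of the new one. */
static int store_paired(datum *slot, size_t n) {
    datum fresh;
    if (lib_session_get_data(&fresh, n) != 0) return -1; /* keep old entry */
    lib_free(slot->data);
    *slot = fresh;
    return 0;
}

/* Run `conns` connections through one cache slot, destroy it, and return
 * how many library blocks are still live (0 means no leak). */
static long leaked_after(int conns, int paired) {
    datum slot = { NULL, 0 };
    long before = lib_live_blocks;
    for (int i = 0; i < conns; i++)
        if ((paired ? store_paired : store_leaky)(&slot, 4281) != 0) break;
    lib_free(slot.data); /* context destroy: same deallocator as the allocation */
    return lib_live_blocks - before;
}

int main(void) {
    printf("leaky: %ld blocks lost, paired: %ld\n", leaked_after(5, 0), leaked_after(5, 1));
    return 0;
}
```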
--- Begin Message ---
Source: neon27
Source-Version: 0.30.0-4

We believe that the bug you reported is fixed in the latest version of
neon27, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated neon27 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Aug 2014 04:54:56 +0000
Source: neon27
Binary: libneon27 libneon27-dev libneon27-dbg libneon27-gnutls libneon27-gnutls-dev libneon27-gnutls-dbg
Architecture: source amd64
Version: 0.30.0-4
Distribution: unstable
Urgency: low
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 libneon27  - HTTP and WebDAV client library
 libneon27-dbg - Detached symbols for libneon27
 libneon27-dev - Header and static library files for libneon27
 libneon27-gnutls - HTTP and WebDAV client library (GnuTLS enabled)
 libneon27-gnutls-dbg - Detached symbols for libneon27 (GnuTLS enabled)
 libneon27-gnutls-dev - Header and static library files for libneon27 (GnuTLS enabled)
Closes: 756608
Changes:
 neon27 (0.30.0-4) unstable; urgency=low
 .
   [ Patrick Ohly <[email protected]> ]
   * Fix memory leak when using gnutls >= 1.3.1 (closes: #756608).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
