Re: [libmicrohttpd] the case of a memory leak

[Simon Josefsson]

Piotr Grzybowski <address@hidden> writes:

> hello all.
>
>  recently i have talked with Christian about a memory leak, which i saw
> in my application which uses libmicrohttpd. it seemed that it is
> libmicrohttpd that leaks, but it turns out that, after further
> debugging/tracing,
> it is gnutls that has a leak. it was triggered by a tool that sends more
> or less exotic data during tls handshake.
>  once i have introduced the following patch to gnutls the leak disappeared.
> please keep in mind that this patch can introduce segfaults, because i have
> no idea whether dataptr is used elsewhere. what i am sure of is that it is not
> freed by gnutls in every possible case.
>
> diff -Naur gnutls26-2.4.2/lib/gnutls_handshake.c
> gnutls26-2.4.2-modified/lib/gnutls_handshake.c
> --- gnutls26-2.4.2/lib/gnutls_handshake.c       2008-09-15
> 22:04:19.000000000 +0200
> +++ gnutls26-2.4.2-modified/lib/gnutls_handshake.c      2011-08-10
> 09:07:14.000000000 +0200
> @@ -1245,6 +1245,7 @@
>    if (ret < 0)
>      {
>        gnutls_assert ();
> +      gnutls_free (dataptr); //is dataptr used elsewhere?
>        _gnutls_handshake_header_buffer_clear (session);
>        return ret;
>      }
>
> also i am sure that it was gnutls-2.4.2 that has the bug, since after
> upgrading to gnutls-3.0 and
> recompiling libmicrohttpd and my code the leak was not present.

A lot of things have been fixed since GnuTLS 2.4.x, so if you cannot
reproduce it using 2.12.x or 3.0.x I'd say it was already fixed.

/Simon