memory leak in libgnutls28

Bug #1068029 reported by Alexander Klauer
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gnutls28 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

In lib/pkcs11.c:508, the variable "name" of type const char * is assigned the return value of p11_kit_registered_module_to_name(). However, this function returns a pointer to a newly allocated string (a duplicate of the module name). The pointer is subsequently lost (it is passed to pkcs11_add_module() but ultimately, it is only passed to logging functions).

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libgnutls28 3.0.11-1ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Thu Oct 18 10:29:51 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gnutls28
UpgradeStatus: Upgraded to precise on 2012-05-02 (169 days ago)

Revision history for this message
Alexander Klauer (graf-zahl) wrote :
Revision history for this message
Alexander Klauer (graf-zahl) wrote :

BTW, I just checked version 3.1.3 from upstream. There, the bug is fixed.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package gnutls28 - 3.2.3-1ubuntu1

---------------
gnutls28 (3.2.3-1ubuntu1) saucy; urgency=low

  * Sync with Debian (LP: #1068029). Remaining change:
    - Drop gnutls-bin and -doc since we want to use the versions
      in gnutls26 as the defaults instead

gnutls28 (3.2.3-1) unstable; urgency=low

  * New upstream release.
  * Drop superfluous patches. (35_gnutls-priority-string.diff
    36_avoid-leaking-a-buffer-element.diff)
  * Bump shlibs.

gnutls28 (3.2.2-2) unstable; urgency=low

  * Pull two patches from upstream:
    +35_gnutls-priority-string.diff Fix priority string parsing broken in
     3.2.2 Closes: #717314
    +36_avoid-leaking-a-buffer-element.diff

gnutls28 (3.2.2-1) unstable; urgency=low

  * Mark libgnutls28-dev Multi-Arch: same. (Thanks, Nicolas Le Cam)
    Closes: #678070
  * New upstream version.
  * Drop superfluous patches. 31_testsuite32bit.diff 32_linkagainstgmp.diff
  * Bump shlibs.

gnutls28 (3.2.1-2) unstable; urgency=low

  * Upload to unstable.
  * Do not link everything against nettle on mips(el), the issue being worked
    around was fixed by the latest eglibc upload.
  * Use debhelper v9 mode. This allows us to mark libgnutls28-dbg Multi-Arch:
    same.

gnutls28 (3.2.1-1) experimental; urgency=low

  * New upstream version.
    + Bump nettle build-dep to >= 2.7.
    + Bump shlibs.
    + Disable 20_test-select.diff instead of ufuzzing the patch. - Let's check
      whether it still fails on kfreebsd-i386.
    + [31_testsuite32bit.diff] Avoid comparing the expiration date to prevent
      false positive error in 32-bit systems.
    + [32_linkagainstgmp.diff] Link libgnutls against gmp.

gnutls28 (3.1.12-2) unstable; urgency=low

  * Upload to unstable.
  * Fix vcs-field-not-canonical lintian error by using anonscm instead of
    svn.debian.org.

gnutls28 (3.1.12-1) experimental; urgency=low

  * Use rm -f on clean, fixing an issue with building twice in row.
  * New upstream version.
  * On mips/mipsel link everything and the kitchen-sink against nettle to work
    around toolchain breakage ("crt1.o: undefined reference to symbol '_gp'").

gnutls28 (3.1.11-1) experimental; urgency=low

  * New upstream version.
    + Bump shlibs.

gnutls28 (3.1.10-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs.

gnutls28 (3.1.9.1-1) experimental; urgency=low

  * New upstream version.
  * Bump shlibs.
  * Force re-generation of autogen-ed manpages.

gnutls28 (3.1.8-1) experimental; urgency=low

  * New upstream version.

gnutls28 (3.1.7-1) experimental; urgency=low

  * Let libgnutls28 depend on libtasn1-6 instead of on libtasn1-3, matching
    the build-depency. (Thanks, Daniel Kahn Gillmor)
  * New upstream version.
    + Includes a fix for GNUTLS-SA-2013-1 TLS CBC padding timing attack.
      CVE-2013-0169 CVE-2013-1619.
    + New symbols added, bump shlibs.
    + Ship newly available libgnutls-xssl0 library in a separate package.
  * Disable Heart Beat (RFC6520) support.

gnutls28 (3.1.6-1) experimental; urgency=low

  * Update watchfile, based on Bart Martens version for gnutls26 on
    q.d.o, but use a) ftp.gnutls.org as mirror and b) limit the the match to
    3.x ver...

Read more...

Changed in gnutls28 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.