[Swan-dev] noticed few small memory leaks

Paul Wouters paul at nohats.ca
Thu Apr 13 02:50:41 UTC 2017

On Wed, 12 Apr 2017, Antony Antony wrote:

> Here is a leak report after an overnight run of pluto.
> One the connection was restarted several times by the other end.
> The state number reached upto #1453.

Thanks for creating the list!

> leak: EVENT_SHUNT_SCAN, item size: 32
> leak: EVENT_PENDING_DDNS, item size: 32
> leak: EVENT_SD_WATCHDOG, item size: 32
> leak: EVENT_PENDING_PHASE2, item size: 32
> leak: EVENT_REINIT_SECRET, item size: 32

> leak: EVENT_LOG_DAILY, item size: 32

These are one time setup ones, not too harmful. Once the libevent
code can list these events again properly, we can free these properly.

> leak: 10 * converted gn, item size: 32

This one seems to be in the CRL code. We still do some juggling from
NSS/X509 to "GN" and back, which was because we used GMP types. This
is something we could phase out at some more quiet maintenance window

> leak: msg_digest, item size: 4144

This one is harder to track (but more important due to its size!)
I've changed alloc_md() to take a string which is used inside
alloc_md() to pass to alloc_bytes() so we can tell which of these
is not being freed. I suspect it's fakemd needed for the crypto
helper launch.

> leak: 4 * crl uri, item size: 35
> leak: 24 * converted gn, item size: 32

Related to X509/CRL code. Not trivial fixes.

> leak: connection alias, item size: 4


> leak: IKEv2 encrypted fragment, item size: 539
> leak: ikev2_frag, item size: 56

This needs a little work. frag->cipher is cloned, but then
frag is set to NULL to indicate work is completed.

> leak: 2 * virtual description, item size: 4

This is somewhat known:

#if 0
                 /* ??? this seens buggy since virts don't get unshared * */
                 /* ??? make do until virts get unshared */
                 c->spd.that.virt = NULL;

> leak: kernel integ, item size: 32

> Disclosure - The code is master + rekey-ipsec-pfs.
> I feel lot of these could be in #master too but could not be sure.

Seems likely based on the ones I looked at.


More information about the Swan-dev mailing list