[Swan-dev] noticed few small memory leaks
paul at nohats.ca
Thu Apr 13 02:50:41 UTC 2017
On Wed, 12 Apr 2017, Antony Antony wrote:
> Here is a leak report after an overnight run of pluto.
> One the connection was restarted several times by the other end.
> The state number reached upto #1453.
Thanks for creating the list!
> leak: EVENT_SHUNT_SCAN, item size: 32
> leak: EVENT_PENDING_DDNS, item size: 32
> leak: EVENT_SD_WATCHDOG, item size: 32
> leak: EVENT_PENDING_PHASE2, item size: 32
> leak: EVENT_REINIT_SECRET, item size: 32
> leak: EVENT_LOG_DAILY, item size: 32
These are one time setup ones, not too harmful. Once the libevent
code can list these events again properly, we can free these properly.
> leak: 10 * converted gn, item size: 32
This one seems to be in the CRL code. We still do some juggling from
NSS/X509 to "GN" and back, which was because we used GMP types. This
is something we could phase out at some more quiet maintenance window
> leak: msg_digest, item size: 4144
This one is harder to track (but more important due to its size!)
I've changed alloc_md() to take a string which is used inside
alloc_md() to pass to alloc_bytes() so we can tell which of these
is not being freed. I suspect it's fakemd needed for the crypto
> leak: 4 * crl uri, item size: 35
> leak: 24 * converted gn, item size: 32
Related to X509/CRL code. Not trivial fixes.
> leak: connection alias, item size: 4
> leak: IKEv2 encrypted fragment, item size: 539
> leak: ikev2_frag, item size: 56
This needs a little work. frag->cipher is cloned, but then
frag is set to NULL to indicate work is completed.
> leak: 2 * virtual description, item size: 4
This is somewhat known:
/* ??? this seens buggy since virts don't get unshared * */
/* ??? make do until virts get unshared */
c->spd.that.virt = NULL;
> leak: kernel integ, item size: 32
> Disclosure - The code is master + rekey-ipsec-pfs.
> I feel lot of these could be in #master too but could not be sure.
Seems likely based on the ones I looked at.
More information about the Swan-dev