[Swan-dev] Pluto memory consumption

Andrew Cagney andrew.cagney at gmail.com
Fri Mar 17 16:53:47 UTC 2017


On 17 March 2017 at 08:52, Erik Andersson <erik at ingate.com> wrote:
>
> PK11SymKey *result = PK11_DeriveWithFlags(base_key, derive, &param,
>                                                   target, operation,
>                                                   key_size, flags);
> The returned result isn't free'd

This might be ok; but first two things that complicate PK11SymKey and nss:

- they are reference counted
- they are never released, instead NSS will recycle the object (anyone
know a way to get NSS to garbage collect?)

Here, the "result" ends up in st->st_shared_nss and I'm fairly sure
that is eventually returned to NSS.  However, NSS's private heap might
be fragmenting.

The script testing/utils/count-nss-keys.awk, if run over a pluto.log
file, will try to track PK11SymKey references and report things never
released.
(I've a hacked version that also tracks other pointers like event
objects (we don't cleanly release them during shutdown)).

Andrew


More information about the Swan-dev mailing list