[strongSwan-dev] aikgen idreq patch

Andreas Steffen andreas.steffen at strongswan.org
Sat May 24 20:29:30 CEST 2014


Hi Avesh,

the chunk_create() function does not allocate any dynamic memory.
It just wraps a pointer and a length into a static chunk_t object.

 identity_req = chunk_create(IdentityReq, IdentityReqLen);

THE IdentityReq structure is made available by the Trousers command

result = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hPCAKey, 0, NULL,
					hIdentKey, TSS_ALG_AES,	&IdentityReqLen, &IdentityReq);

At the end of aikgen I'm freeing the complete TSS content and any
internal memory storing IdentityReq will be released. Using our
leak_detective I noticed only one small memory leak in the libtspi
library. If I find the time I'm going to locate the leak and post a
patch to the Trousers project.

Best regards

Andreas

On 05/23/2014 09:34 PM, Avesh Agarwal wrote:
> Hi,
> 
> I was looking at aikgen.c implementation, and I found that that idreq
> buffer is being created even without idreq option, it seems to be
> leading to memory leaks. I have created a patch to address it.
> 
> Thanks and Regards
> Avesh

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140524/3f6f9f49/attachment.bin>


More information about the Dev mailing list