When trying to connect to a RHEV instance using gnutls-cli, I'm getting the warnings below from valgrind. The RHEV instance is unfortunately only available on an internal network. I'm using gnutls-3.1.11-1.fc19 ==27357== Memcheck, a memory error detector ==27357== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==27357== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info ==27357== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.red ==27357== Parent PID: 20980 ==27357==- ==27357== Conditional jump or move depends on uninitialised value(s) ==27357== at 0x4A0B131: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64 ==27357== by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785) ==27357== by 0x4C69531: _gnutls_decrypt (gnutls_cipher.c:182) ==27357== by 0x4C658B1: _gnutls_recv_in_buffers (gnutls_record.c:1166) ==27357== by 0x4C66995: _gnutls_recv_int (gnutls_record.c:1348) ==27357== by 0x4C66E74: gnutls_record_recv (gnutls_record.c:1511) ==27357== by 0x40AB59: socket_recv (socket.c:56) ==27357== by 0x407662: main (cli.c:985) ==27357==- ==27357== Conditional jump or move depends on uninitialised value(s) ==27357== at 0x4A0B152: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64 ==27357== by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785) ==27357== by 0x4C69531: _gnutls_decrypt (gnutls_cipher.c:182) ==27357== by 0x4C658B1: _gnutls_recv_in_buffers (gnutls_record.c:1166) ==27357== by 0x4C66995: _gnutls_recv_int (gnutls_record.c:1348) ==27357== by 0x4C66E74: gnutls_record_recv (gnutls_record.c:1511) ==27357== by 0x40AB59: socket_recv (socket.c:56) ==27357== by 0x407662: main (cli.c:985) ==27357==- ==27357== Conditional jump or move depends on uninitialised value(s) ==27357== at 0x3097678311: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:859) ==27357== by 0x3097673EB1: fputc (fputc.c:38) ==27357== by 0x4076C2: main (cli.c:1005) ==27357==- ==27357== Syscall param write(buf) points to uninitialised byte(s) ==27357== at 0x30976E6760: __write_nocancel (syscall-template.S:81) ==27357== by 0x3097676B92: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1254) ==27357== by 0x3097677FFB: _IO_do_write@@GLIBC_2.2.5 (fileops.c:530) ==27357== by 0x30976783D2: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:868) ==27357== by 0x3097673EB1: fputc (fputc.c:38) ==27357== by 0x4076C2: main (cli.c:1005) ==27357== Address 0x30979ba4a3 is 131 bytes inside data symbol "_IO_2_1_stdout_ ==27357==- ==27357==- ==27357== HEAP SUMMARY: ==27357== in use at exit: 649 bytes in 6 blocks ==27357== total heap usage: 35,466 allocs, 35,460 frees, 5,834,300 bytes alloc ==27357==- ==27357== LEAK SUMMARY: ==27357== definitely lost: 117 bytes in 4 blocks ==27357== indirectly lost: 0 bytes in 0 blocks ==27357== possibly lost: 0 bytes in 0 blocks ==27357== still reachable: 532 bytes in 2 blocks ==27357== suppressed: 0 bytes in 0 blocks ==27357== Rerun with --leak-check=full to see details of leaked memory ==27357==- ==27357== For counts of detected and suppressed errors, rerun with: -v ==27357== Use --track-origins=yes to see where uninitialised values come from ==27357== ERROR SUMMARY: 360 errors from 4 contexts (suppressed: 2 from 2) $ valgrind --log-file=log gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.redhat.com Processed 144 CA certificate(s). Resolving 'rhevm32.spice.lab.eng.brq.redhat.com'... Connecting to '10.34.58.32:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `C=US,O=spice.lab.eng.brq.redhat.com,CN=rhevm32.spice.lab.eng.brq.redhat.com', issuer `C=US,O=spice.lab.eng.brq.redhat.com,CN=CA-rhevm32.spice.lab.eng.brq.redhat.com.10001', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-04 11:57:26 UTC', expires `2018-03-10 11:57:27 UTC', SHA-1 fingerprint `baabc26bf1ee21ba81ad5d4ca447daf6df5dcd58' Public Key Id: bd8f9a91c826c40bbe17ee5e2b736c290c609e3a Public key's random art: +--[ RSA 2048]----+ | | | | | | |.. . . | |o.o o S . | | +.o.o . . . | |. .+oo=.o . | |E .B+=. o o | | ..+o*. o.. . | +-----------------+ - Certificate[1] info: - subject `C=US,O=spice.lab.eng.brq.redhat.com,CN=CA-rhevm32.spice.lab.eng.brq.redhat.com.10001', issuer `C=US,O=spice.lab.eng.brq.redhat.com,CN=CA-rhevm32.spice.lab.eng.brq.redhat.com.10001', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-04 11:57:26 UTC', expires `2023-04-03 11:57:27 UTC', SHA-1 fingerprint `cbfbb519a00d1e661b689e1c34ae1fb1f7658609' - Description: (TLS1.0-PKIX)-(RSA)-(AES-128-CBC)-(SHA1) - Session ID: DD:D1:A8:AC:B7:A7:32:31:4D:A5:60:EF:5E:47:BD:00:24:98:69:C8:DF:62:23:6C:74:AF:E6:ED:44:55:0F:7F - Version: TLS1.0 - Key Exchange: RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode: GET /api/vms HTTP/1.1 Host: rhevm32.spice.lab.eng.brq.redhat.com Content-Type: application/xml HTTP/1.1 401 Unauthorized Date: Tue, 11 Jun 2013 13:06:10 GMT Pragma: No-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 01:00:00 CET WWW-Authenticate: Basic realm="ENGINE" Content-Type: text/html;charset=utf-8 Content-Length: 978 Vary: Accept-Encoding Connection: close <html><head><title>JBoss Web/7.0.17..Final-redhat-1 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>This request requires HTTP authentication ().</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.0.17..Final-redhat-1</h3></body></html>- Peer has closed the GnuTLS connection
I have just submitted 3.1.17-1 for testing, and I couldn't reproduce the issue you mention with it. Could you verify that it solves the issue for you?
Still getting this with 3.1.17-2 (I scratch built it from dist-git as I could not find the official build for it) ==12255== Memcheck, a memory error detector ==12255== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==12255== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info ==12255== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.redhat.com ==12255== Parent PID: 3706 ==12255==- ==12255== Conditional jump or move depends on uninitialised value(s) ==12255== at 0x4A0B1F1: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12255== by 0x4C69F6E: ??? (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C6B341: ??? (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C67689: ??? (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C68765: _gnutls_recv_int (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C68C44: gnutls_record_recv (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x40A3C9: ??? (in /usr/bin/gnutls-cli) ==12255== by 0x406D82: ??? (in /usr/bin/gnutls-cli) ==12255== by 0x3134221D64: (below main) (libc-start.c:285) ==12255==- ==12255== Conditional jump or move depends on uninitialised value(s) ==12255== at 0x4A0B212: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==12255== by 0x4C69F6E: ??? (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C6B341: ??? (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C67689: ??? (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C68765: _gnutls_recv_int (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x4C68C44: gnutls_record_recv (in /usr/lib64/libgnutls.so.28.20.3) ==12255== by 0x40A3C9: ??? (in /usr/bin/gnutls-cli) ==12255== by 0x406D82: ??? (in /usr/bin/gnutls-cli) ==12255== by 0x3134221D64: (below main) (libc-start.c:285) ==12255==- ==12255== Conditional jump or move depends on uninitialised value(s) ==12255== at 0x31342784A1: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:859) ==12255== by 0x31342741B1: fputc (fputc.c:38) ==12255== by 0x406DE2: ??? (in /usr/bin/gnutls-cli) ==12255== by 0x3134221D64: (below main) (libc-start.c:285) ==12255==- ==12255== Syscall param write(buf) points to uninitialised byte(s) ==12255== at 0x31342E6890: __write_nocancel (syscall-template.S:81) ==12255== by 0x3134276D22: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1254) ==12255== by 0x313427818B: _IO_do_write@@GLIBC_2.2.5 (fileops.c:530) ==12255== by 0x3134278562: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:868) ==12255== by 0x31342741B1: fputc (fputc.c:38) ==12255== by 0x406DE2: ??? (in /usr/bin/gnutls-cli) ==12255== by 0x3134221D64: (below main) (libc-start.c:285) ==12255== Address 0x31345b9483 is 131 bytes inside data symbol "_IO_2_1_stdout_" ==12255==- ==12255==- =
gnutls-3.1.17-3.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/gnutls-3.1.17-3.fc20
Package gnutls-3.1.17-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing gnutls-3.1.17-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-22805/gnutls-3.1.17-3.fc20 then log in and leave karma (feedback).
gnutls-3.1.17-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Yup, much better with this update, only a few apparently minor leaks are reported now ==31418== Memcheck, a memory error detector ==31418== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==31418== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info ==31418== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.redhat.com ==31418== Parent PID: 12006 ==31418==- ==31418==- ==31418== HEAP SUMMARY: ==31418== in use at exit: 169 bytes in 6 blocks ==31418== total heap usage: 39,583 allocs, 39,577 frees, 6,342,169 bytes allocated ==31418==- ==31418== 4 bytes in 1 blocks are definitely lost in loss record 1 of 6 ==31418== at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==31418== by 0x3134286409: strdup (strdup.c:42) ==31418== by 0x40A79D: socket_open (socket.c:213) ==31418== by 0x4068A1: main (cli.c:865) ==31418==- ==31418== 12 bytes in 1 blocks are definitely lost in loss record 2 of 6 ==31418== at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==31418== by 0x3134286409: strdup (strdup.c:42) ==31418== by 0x40A790: socket_open (socket.c:212) ==31418== by 0x4068A1: main (cli.c:865) ==31418==- ==31418== 37 bytes in 1 blocks are definitely lost in loss record 5 of 6 ==31418== at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==31418== by 0x3134286409: strdup (strdup.c:42) ==31418== by 0x40A783: socket_open (socket.c:211) ==31418== by 0x4068A1: main (cli.c:865) ==31418==- ==31418== 64 bytes in 1 blocks are definitely lost in loss record 6 of 6 ==31418== at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==31418== by 0x31342DAD0C: gaih_inet (getaddrinfo.c:1203) ==31418== by 0x31342DE6FC: getaddrinfo (getaddrinfo.c:2405) ==31418== by 0x40A655: socket_open (socket.c:150) ==31418== by 0x4068A1: main (cli.c:865) ==31418==- ==31418== LEAK SUMMARY: ==31418== definitely lost: 117 bytes in 4 blocks ==31418== indirectly lost: 0 bytes in 0 blocks ==31418== possibly lost: 0 bytes in 0 blocks ==31418== still reachable: 52 bytes in 2 blocks ==31418== suppressed: 0 bytes in 0 blocks ==31418== Reachable blocks (those to which a pointer was found) are not shown. ==31418== To see them, rerun with: --leak-check=full --show-leak-kinds=all ==31418==- ==31418== For counts of detected and suppressed errors, rerun with: -v ==31418== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2)