From: Martin Willi <martin@revosec.ch>
Date: Mon, 13 Apr 2015 15:12:49 +0000 (+0200)
Subject: gcrypt: Explicitly initialize RNG backend to allocate static data
X-Git-Tag: 5.3.1dr1~16^2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=13a5a906e941b147d9b214a91d03d9ee356d723e;p=thirdparty%2Fstrongswan.git

gcrypt: Explicitly initialize RNG backend to allocate static data

The libgcrypt RNG implementation uses static buffer allocation which it does
not free. There is no symbol we can catch in leak-detective, hence we explicitly
initialize the RNG during the whitelisted gcrypt_plugin_create() function.
---

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 480c083c05..04f1f43ef1 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -158,6 +158,9 @@ plugin_t *gcrypt_plugin_create()
 	}
 	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
 
+	/* initialize static allocations we want to exclude from leak-detective */
+	gcry_create_nonce(NULL, 0);
+
 	INIT(this,
 		.public = {
 			.plugin = {