- it can be reproduced for https://, not for http:// - the leak does not occur if you use an ip address instead of a hostname - the number of bytes leaking is strlen(hostname)+1 (maybe its a libcrypto / libssl bug ?)
valgrind output with libcurl debug symbols when using 'https://blitz-lx/': ==12018== 9 bytes in 1 blocks are definitely lost in loss record 1 of 3 ==12018== at 0x4022D6E: malloc (vg_replace_malloc.c:207) ==12018== by 0x430736C: (within /usr/lib/i586/libcrypto.so.0.9.8) ==12018== by 0x4307960: CRYPTO_malloc (in /usr/lib/i586/libcrypto.so.0.9.8) ==12018== by 0x4362397: BUF_strndup (in /usr/lib/i586/libcrypto.so.0.9.8) ==12018== by 0x436240B: BUF_strdup (in /usr/lib/i586/libcrypto.so.0.9.8) ==12018== by 0x429A517: ssl3_ctrl (in /usr/lib/i586/libssl.so.0.9.8) ==12018== by 0x42AA97E: SSL_ctrl (in /usr/lib/i586/libssl.so.0.9.8) ==12018== by 0x4045990: ossl_connect_common (ssluse.c:1477) ==12018== by 0x4045CB2: Curl_ossl_connect (ssluse.c:1873) ==12018== by 0x4058EFA: Curl_ssl_connect (sslgen.c:213) ==12018== by 0x4036240: Curl_http_connect (http.c:1719) ==12018== by 0x403D0F8: Curl_protocol_connect (url.c:2825) tested with an up-to-date lenny on 26. August 2010. Regards, Tim Ruehsen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
