Hi,
I looked at memory leaks for the squid negotiate_kerberos
helper and found issues with the following in the heimdal code:
==9424== 16 bytes in 1 blocks are definitely lost in loss record 13 of
64
==9424== at 0x4C2A110: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9424== by 0x52ACF9C: set_etypes (context.c:74)
==9424== by 0x52ADE8F: init_context_from_config_file
(context.c:161)
==9424== by 0x52ADE8F: krb5_set_config_files
(context.c:692)
==9424== by 0x52AE49C: krb5_init_context
(context.c:451)
==9424== by 0x4023C1: main
(negotiate_kerberos_auth.cc:549)
which should be fixed with
--- lib/krb5/context.c 2017-12-07 04:11:23.000000000 +0000
+++ lib/krb5/context_new.c 2018-09-15
18:45:40.715744342 +0100
@@ -622,6 +622,9 @@
free(context->etypes);
free(context->cfg_etypes);
free(context->etypes_des);
+ free(context->permitted_enctypes);
+ free(context->tgs_etypes);
+ free(context->as_etypes);
krb5_free_host_realm (context,
context->default_realms);
krb5_config_file_free (context,
context->cf);
free_error_table (context->et_list);
and
==9424== 13,200 bytes in 6 blocks are definitely lost in loss record 63 of
64
==9424== at 0x4C2C240: calloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9424== by 0x4E5E01A: _gss_ntlm_allocate_ctx
(accept_sec_context.c:52)
==9424== by 0x4E5E5B4: _gss_ntlm_acquire_cred
(acquire_cred.c:60)
==9424== by 0x4E55779: gss_acquire_cred
(gss_acquire_cred.c:125)
==9424== by 0x4E635AB: _gss_spnego_acquire_cred
(cred_stubs.c:109)
==9424== by 0x4E55779: gss_acquire_cred
(gss_acquire_cred.c:125)
==9424== by 0x403227: main
(negotiate_kerberos_auth.cc:721)
Which could be fixed with
--- ./lib/gssapi/ntlm/acquire_cred.c 2016-12-20
14:23:06.000000000 +0000
+++
./lib/gssapi/ntlm/acquire_cred_new.c
2018-09-15 18:09:04.436985518 +0100
@@ -58,8 +58,10 @@
if (cred_usage == GSS_C_BOTH || cred_usage ==
GSS_C_ACCEPT) {
maj_stat =
_gss_ntlm_allocate_ctx(min_stat, &ctx);
- if (maj_stat != GSS_S_COMPLETE)
+ if (maj_stat != GSS_S_COMPLETE)
{
+ if (ctx)
free(ctx);
return
maj_stat;
+ }
domain = name != NULL ?
name->domain : NULL;
maj_stat =
(*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
Markus
|
On 09/15/2018 07:47 PM, Markus Moeller wrote: > Hi, > I looked at memory leaks for the squid negotiate_kerberos helper and > found issues with the following in the heimdal code: > ==9424== 16 bytes in 1 blocks are definitely lost in loss record 13 of 64 > ==9424== at 0x4C2A110: malloc (in > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==9424== by 0x52ACF9C: set_etypes (context.c:74) > ==9424== by 0x52ADE8F: init_context_from_config_file (context.c:161) > ==9424== by 0x52ADE8F: krb5_set_config_files (context.c:692) > ==9424== by 0x52AE49C: krb5_init_context (context.c:451) > ==9424== by 0x4023C1: main (negotiate_kerberos_auth.cc:549) > which should be fixed with > --- lib/krb5/context.c 2017-12-07 04:11:23.000000000 +0000 > +++ lib/krb5/context_new.c 2018-09-15 18:45:40.715744342 +0100 > @@ -622,6 +622,9 @@ > free(context->etypes); > free(context->cfg_etypes); > free(context->etypes_des); > + free(context->permitted_enctypes); > + free(context->tgs_etypes); > + free(context->as_etypes); > krb5_free_host_realm (context, context->default_realms); > krb5_config_file_free (context, context->cf); > free_error_table (context->et_list); > and > ==9424== 13,200 bytes in 6 blocks are definitely lost in loss record 63 > of 64 > ==9424== at 0x4C2C240: calloc (in > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==9424== by 0x4E5E01A: _gss_ntlm_allocate_ctx (accept_sec_context.c:52) > ==9424== by 0x4E5E5B4: _gss_ntlm_acquire_cred (acquire_cred.c:60) > ==9424== by 0x4E55779: gss_acquire_cred (gss_acquire_cred.c:125) > ==9424== by 0x4E635AB: _gss_spnego_acquire_cred (cred_stubs.c:109) > ==9424== by 0x4E55779: gss_acquire_cred (gss_acquire_cred.c:125) > ==9424== by 0x403227: main (negotiate_kerberos_auth.cc:721) > Which could be fixed with > --- ./lib/gssapi/ntlm/acquire_cred.c 2016-12-20 14:23:06.000000000 +0000 > +++ ./lib/gssapi/ntlm/acquire_cred_new.c 2018-09-15 18:09:04.436985518 +0100 > @@ -58,8 +58,10 @@ > if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) { > maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx); > - if (maj_stat != GSS_S_COMPLETE) > + if (maj_stat != GSS_S_COMPLETE) { > + if (ctx) free(ctx); > return maj_stat; > + } > domain = name != NULL ? name->domain : NULL; > maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain); > Markus Hi Markus, Thanks a lot for your diff. I applied and tested it. No more memory leaking :) Greetings, Matthias |
Free forum by Nabble | Edit this page |