[squid-dev] Heimdal 7.5.0 memory leaks

Silamael silamael at coronamundi.de
Tue Sep 18 06:01:57 UTC 2018 

On 09/15/2018 07:47 PM, Markus Moeller wrote:
> Hi,
>     I looked at memory leaks for the squid negotiate_kerberos helper and 
> found issues with the following in the heimdal code:
> ==9424== 16 bytes in 1 blocks are definitely lost in loss record 13 of 64
> ==9424==    at 0x4C2A110: malloc (in 
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==9424==    by 0x52ACF9C: set_etypes (context.c:74)
> ==9424==    by 0x52ADE8F: init_context_from_config_file (context.c:161)
> ==9424==    by 0x52ADE8F: krb5_set_config_files (context.c:692)
> ==9424==    by 0x52AE49C: krb5_init_context (context.c:451)
> ==9424==    by 0x4023C1: main (negotiate_kerberos_auth.cc:549)
> which should be fixed with
> --- lib/krb5/context.c  2017-12-07 04:11:23.000000000 +0000
> +++ lib/krb5/context_new.c      2018-09-15 18:45:40.715744342 +0100
> @@ -622,6 +622,9 @@
>       free(context->etypes);
>       free(context->cfg_etypes);
>       free(context->etypes_des);
> +    free(context->permitted_enctypes);
> +    free(context->tgs_etypes);
> +    free(context->as_etypes);
>       krb5_free_host_realm (context, context->default_realms);
>       krb5_config_file_free (context, context->cf);
>       free_error_table (context->et_list);
> and
> ==9424== 13,200 bytes in 6 blocks are definitely lost in loss record 63 
> of 64
> ==9424==    at 0x4C2C240: calloc (in 
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==9424==    by 0x4E5E01A: _gss_ntlm_allocate_ctx (accept_sec_context.c:52)
> ==9424==    by 0x4E5E5B4: _gss_ntlm_acquire_cred (acquire_cred.c:60)
> ==9424==    by 0x4E55779: gss_acquire_cred (gss_acquire_cred.c:125)
> ==9424==    by 0x4E635AB: _gss_spnego_acquire_cred (cred_stubs.c:109)
> ==9424==    by 0x4E55779: gss_acquire_cred (gss_acquire_cred.c:125)
> ==9424==    by 0x403227: main (negotiate_kerberos_auth.cc:721)
> Which could be fixed with
> --- ./lib/gssapi/ntlm/acquire_cred.c    2016-12-20 14:23:06.000000000 +0000
> +++ ./lib/gssapi/ntlm/acquire_cred_new.c 2018-09-15 18:09:04.436985518 +0100
> @@ -58,8 +58,10 @@
>       if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
>          maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
> -       if (maj_stat != GSS_S_COMPLETE)
> +       if (maj_stat != GSS_S_COMPLETE) {
> +           if (ctx) free(ctx);
>              return maj_stat;
> +        }
>           domain = name != NULL ? name->domain : NULL;
>          maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
> Markus

Hi Markus,

Thanks a lot for your diff. I applied and tested it.
No more memory leaking :)

Greetings,
Matthias

More information about the squid-dev mailing list