[squid-users] Squid Kerberos helper leaking memory - OpenBSD 6.3
Amos Jeffries
squid3 at treenet.co.nz
Tue Sep 4 13:51:54 UTC 2018
On 5/09/18 1:24 AM, Silamael wrote:
> Hello,
>
> I'm currently investigating a memory leak in with the Kerberos negotiate
> authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
> with added Kerberos support since OpenBSD's port does not support
> Kerberos at all.
>
> As library Heimdal 7.5.0 is used. So far I had no luck in finding the
> memory leak itself.
Have you tried valgrind and either GCC or clang static analysis features
on your helper and/or library?
>
> Would it be safe for Squid, to patch the helper code so that it does a
> clean exit after every X processed requests?
>
> Or will this bring new problems on Squid's side?
>
Should be okay so long as the helpers do reply to at least some queries,
and do not exit all at once.
Squid-3.5 will log errors about helpers exiting unexpectedly, but should
only die if the helpers did so on their startup or many are dying within
a shifting 30sec window of time.
Squid-4 can use the auth_param on-persistent-overload=ERR option to
prevent even the death cases above.
Amos
More information about the squid-users
mailing list