[squid-users] Squid Kerberos helper leaking memory - OpenBSD 6.3

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 4 13:51:54 UTC 2018

On 5/09/18 1:24 AM, Silamael wrote:
> Hello,
> I'm currently investigating a memory leak in with the Kerberos negotiate
> authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
> with added Kerberos support since OpenBSD's port does not support
> Kerberos at all.
> As library Heimdal 7.5.0 is used. So far I had no luck in finding the
> memory leak itself.

Have you tried valgrind and either GCC or clang static analysis features
on your helper and/or library?

> Would it be safe for Squid, to patch the helper code so that it does a
> clean exit after every X processed requests?
> Or will this bring new problems on Squid's side?

Should be okay so long as the helpers do reply to at least some queries,
and do not exit all at once.

Squid-3.5 will log errors about helpers exiting unexpectedly, but should
only die if the helpers did so on their startup or many are dying within
a shifting 30sec window of time.

Squid-4 can use the auth_param on-persistent-overload=ERR option to
prevent even the death cases above.


More information about the squid-users mailing list