[squid-dev] Heimdal 7.5.0 memory leaks
Silamael
silamael at coronamundi.de
Tue Sep 18 06:01:57 UTC 2018
On 09/15/2018 07:47 PM, Markus Moeller wrote:
> Hi,
> I looked at memory leaks for the squid negotiate_kerberos helper and
> found issues with the following in the heimdal code:
> ==9424== 16 bytes in 1 blocks are definitely lost in loss record 13 of 64
> ==9424== at 0x4C2A110: malloc (in
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==9424== by 0x52ACF9C: set_etypes (context.c:74)
> ==9424== by 0x52ADE8F: init_context_from_config_file (context.c:161)
> ==9424== by 0x52ADE8F: krb5_set_config_files (context.c:692)
> ==9424== by 0x52AE49C: krb5_init_context (context.c:451)
> ==9424== by 0x4023C1: main (negotiate_kerberos_auth.cc:549)
> which should be fixed with
> --- lib/krb5/context.c 2017-12-07 04:11:23.000000000 +0000
> +++ lib/krb5/context_new.c 2018-09-15 18:45:40.715744342 +0100
> @@ -622,6 +622,9 @@
> free(context->etypes);
> free(context->cfg_etypes);
> free(context->etypes_des);
> + free(context->permitted_enctypes);
> + free(context->tgs_etypes);
> + free(context->as_etypes);
> krb5_free_host_realm (context, context->default_realms);
> krb5_config_file_free (context, context->cf);
> free_error_table (context->et_list);
> and
> ==9424== 13,200 bytes in 6 blocks are definitely lost in loss record 63
> of 64
> ==9424== at 0x4C2C240: calloc (in
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==9424== by 0x4E5E01A: _gss_ntlm_allocate_ctx (accept_sec_context.c:52)
> ==9424== by 0x4E5E5B4: _gss_ntlm_acquire_cred (acquire_cred.c:60)
> ==9424== by 0x4E55779: gss_acquire_cred (gss_acquire_cred.c:125)
> ==9424== by 0x4E635AB: _gss_spnego_acquire_cred (cred_stubs.c:109)
> ==9424== by 0x4E55779: gss_acquire_cred (gss_acquire_cred.c:125)
> ==9424== by 0x403227: main (negotiate_kerberos_auth.cc:721)
> Which could be fixed with
> --- ./lib/gssapi/ntlm/acquire_cred.c 2016-12-20 14:23:06.000000000 +0000
> +++ ./lib/gssapi/ntlm/acquire_cred_new.c 2018-09-15 18:09:04.436985518 +0100
> @@ -58,8 +58,10 @@
> if (cred_usage == GSS_C_BOTH || cred_usage == GSS_C_ACCEPT) {
> maj_stat = _gss_ntlm_allocate_ctx(min_stat, &ctx);
> - if (maj_stat != GSS_S_COMPLETE)
> + if (maj_stat != GSS_S_COMPLETE) {
> + if (ctx) free(ctx);
> return maj_stat;
> + }
> domain = name != NULL ? name->domain : NULL;
> maj_stat = (*ctx->server->nsi_probe)(min_stat, ctx->ictx, domain);
> Markus
Hi Markus,
Thanks a lot for your diff. I applied and tested it.
No more memory leaking :)
Greetings,
Matthias
More information about the squid-dev
mailing list