[squid-users] Squid Kerberos helper leaking memory - OpenBSD 6.3

Amos Jeffries squid3 at treenet.co.nz
Tue Sep 4 13:51:54 UTC 2018


On 5/09/18 1:24 AM, Silamael wrote:
> Hello,
> 
> I'm currently investigating a memory leak in with the Kerberos negotiate
> authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
> with added Kerberos support since OpenBSD's port does not support
> Kerberos at all.
> 
> As library Heimdal 7.5.0 is used. So far I had no luck in finding the
> memory leak itself.

Have you tried valgrind and either GCC or clang static analysis features
on your helper and/or library?

> 
> Would it be safe for Squid, to patch the helper code so that it does a
> clean exit after every X processed requests?
> 
> Or will this bring new problems on Squid's side?
> 

Should be okay so long as the helpers do reply to at least some queries,
and do not exit all at once.

Squid-3.5 will log errors about helpers exiting unexpectedly, but should
only die if the helpers did so on their startup or many are dying within
a shifting 30sec window of time.

Squid-4 can use the auth_param on-persistent-overload=ERR option to
prevent even the death cases above.


Amos


More information about the squid-users mailing list