[squid-users] Squid Kerberos helper leaking memory - OpenBSD 6.3
Silamael
silamael at coronamundi.de
Tue Sep 4 15:22:10 UTC 2018
On 09/04/2018 03:51 PM, Amos Jeffries wrote:
> On 5/09/18 1:24 AM, Silamael wrote:
>> Hello,
>>
>> I'm currently investigating a memory leak in with the Kerberos negotiate
>> authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
>> with added Kerberos support since OpenBSD's port does not support
>> Kerberos at all.
>>
>> As library Heimdal 7.5.0 is used. So far I had no luck in finding the
>> memory leak itself.
>
> Have you tried valgrind and either GCC or clang static analysis features
> on your helper and/or library?
valgrind doesn't seem to work properly on OpenBSD. I get a bunch of
nonsense output and then a segmentation fault...
What are the GCC/clang statistic features? I'm no C/C++ pro ;)
>>
>> Would it be safe for Squid, to patch the helper code so that it does a
>> clean exit after every X processed requests?
>>
>> Or will this bring new problems on Squid's side?
>>
>
> Should be okay so long as the helpers do reply to at least some queries,
> and do not exit all at once.
>
> Squid-3.5 will log errors about helpers exiting unexpectedly, but should
> only die if the helpers did so on their startup or many are dying within
> a shifting 30sec window of time.
At moment a helper will call exit(0) after 10000 requests. Don't know,
how Squid distributes the requests over all helper processes and if we
have too many helpers exiting within 30 seconds...
But good to know that there aren't any general objections.
>
> Squid-4 can use the auth_param on-persistent-overload=ERR option to
> prevent even the death cases above.
Good to know.
-- Matthias
More information about the squid-users
mailing list