[24463] in Kerberos
Re: Memory Leak problems with krb5_get_init_creds_password?
daemon@ATHENA.MIT.EDU (Chet Burgess)
Wed Aug 17 11:06:08 2005
Date: Wed, 17 Aug 2005 07:58:03 -0700
From: Chet Burgess <cfb@usc.edu>
In-reply-to: <gMFMe.2483$x43.1087564@twister.nyc.rr.com>
To: kerberos@mit.edu
Mail-followup-to: kerberos@mit.edu
Message-id: <20050817145802.GF20989@usc.edu>

On Wed, Aug 17, 2005 at 12:07:40PM +0000, Jeffrey Altman wrote:
> Chet Burgess wrote:
>
> > It is important to note that even if you have the
> > REALM and KDC(s) listed in the file properly the library will still
> > try DNS first, so you MUST add "dns_fallback = false" to turn off the
> > resolver calls.
>
> I am fairly sure that DNS is not used in preference to the configuration
> data in the krb5.conf file. However, the library probably calls the
> resolver library init routine prior to making a request.

The res_ninit() call and the subsequent calls for the DNS
records are made in the krb5int_dns_init function found at
src/lib/krb5/os. The res_ninit() call is made for every lookup. As for
the DNS vs. config file variable, I had a proper krb5.conf file that
listed the REALM and the KDCs; until I added "dns_fallback = false"
to the config file it would always try DNS then look at the config
file.

> Are you suggesting that calling res_init() repeatedly from the same
> thread results in a memory leak?

Suggesting? I guess I was not clear: calling res_ninit() more
than once will result in a memory leak on Solaris (and on Linux,
though I have not tested this).

Neither Solaris (nor Linux) makes available a function to free
the memory allocated to a resolver state by res_ninit(). Other flavors
of Unix have a function called res_ndestroy() for just this sort of
thing. In fact Solaris has this function but it is marked as local in
the library so you cannot link against it.

    cfb@sandman:> nm /usr/lib/libresolv.so | grep res_ndestroy
    [200] | 194936| 60|FUNC |LOCL |0 |9 |res_ndestroy

The Kerberos developers in fact seem to know/understand this
as they have a report of this problem on the krb5-bugs mailing list
(http://mailman.mit.edu/pipermail/krb5-bugs/2005-January/003549.html).

Below is a simple example program that exploits this problem.
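
    #include <stdio.h>
    #include <string.h>
    #include <sys/types.h>
    #include <netinet/in.h>
    #include <arpa/nameser.h>
    #include <resolv.h>

    int
    main(int argc, char **argv) {
        struct __res_state statbuf;
        int ret = 0;

        /* Loop forever so the growth in process size is easy to watch. */
        while (1) {
            /* Every pass initialises the resolver state again. */
            ret = res_ninit(&statbuf);
            if (ret != 0) printf("Init error!\n");
            /* res_nclose() is the only cleanup call available here. */
            res_nclose(&statbuf);
            printf("Done!\n");
        }
    }
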
Compile with something like (this would be for a 64-bit version):

    cc -Iinclude -D_REENTRANT -KPIC -xarch=v9 -DUSE_64 -g -c -o resolvtest.o resolvtest.c
    cc -o resolvtest -Iinclude -D_REENTRANT -KPIC -xarch=v9 -DUSE_64 -g -lresolv -lsocket -lnsl resolvtest.o

--
Chet Burgess
Manager, Enterprise Collaboration Services
Information Services Division
University of Southern California
cfb@usc.edu
213-740-5160
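
Added example (not part of the original message, and not MIT krb5 code): one way for a caller to avoid the per-lookup res_ninit() calls described above is to keep one resolver state per thread and initialise it on first use only. The names thread_resolver and thread_resolver_init_calls are hypothetical, and __thread is a compiler extension assumed to be available (GCC, Clang).

```c
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; not part of libresolv or MIT krb5. */
static __thread struct __res_state tls_state;
static __thread int tls_ready;       /* 1 once res_ninit() has succeeded */
static __thread int tls_init_calls;  /* res_ninit() calls made by this thread */

/* Return this thread's resolver state, initialising it on first use only.
 * Returns NULL if res_ninit() fails; a later call will try again. */
struct __res_state *thread_resolver(void)
{
    if (!tls_ready) {
        memset(&tls_state, 0, sizeof tls_state);
        tls_init_calls++;
        if (res_ninit(&tls_state) != 0)
            return NULL;
        tls_ready = 1;
    }
    return &tls_state;
}

/* How many times this thread has actually called res_ninit(). */
int thread_resolver_init_calls(void)
{
    return tls_init_calls;
}

int main(void)
{
    /* Stand-in for 100000 lookups: each one asks for the resolver state. */
    for (int i = 0; i < 100000; i++) {
        if (thread_resolver() == NULL) {
            fprintf(stderr, "res_ninit failed\n");
            return 1;
        }
    }
    printf("lookups: 100000, res_ninit() calls: %d\n",
           thread_resolver_init_calls());
    return 0;
}
```

With this pattern the memory held by resolver state is bounded by the number of threads rather than by the number of lookups, even where no res_ndestroy() can be linked.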