[389] in Kerberos-V5-bugs
Memory leaks and problem areas....
daemon@ATHENA.MIT.EDU (Glenn NoI Machin)
Wed Nov 17 16:29:18 1993
Date: Wed, 17 Nov 1993 14:25:01 -0700
From: Glenn NoI Machin <gmachin@somnet.sandia.gov>
To: krb5-bugs@MIT.EDU
Cc: kerberos@MIT.EDU
The folllowing memory leaks were found in the pre-beta3 release
of krb5.
---------------------------------------------------------------------
File: lib/keytab/file/ktf_get_en.c routine: krb5_ktfile_get_entry
while (TRUE) {
cur_entry = 0;
if (kerror = krb5_ktfileint_read_entry(id, &cur_entry))
break;
if (((kvno == IGNORE_VNO) || (kvno == cur_entry->vno)) &&
krb5_principal_compare(principal, cur_entry->principal)) {
/* found a match */
break;
}
krb5_kt_free_entry(cur_entry);
+ /* Memory leak need to free cur_entry since krb5_kt_free_entry
+ only frees the contents */
+ xfree(cur_entry);
}
if (kerror && kerror != KRB5_KT_END) {
(void) krb5_ktfileint_close(id);
return kerror;
}
-----------------------------------------------------------------------------
File:lib/krb/gc_via_tgt.c Routine:krb5_get_cred_via_tgt
if (dec_rep->enc_part2->caddrs) {
if (retval = krb5_copy_addresses(dec_rep->enc_part2->caddrs,
&cred->addresses)) {
cleanup();
return retval;
}
} else {
/* no addresses in the list means we got what we had */
if (retval = krb5_copy_addresses(tgt->addresses,
&cred->addresses)) {
cleanup();
return retval;
}
}
+ /* Added the following line to correct this memory leak :
+ cred->server already exists, thus before overwriting
+ and losing the memory free whats in there now. */
+ krb5_free_principal(cred->server);
if (retval = krb5_copy_principal(dec_rep->enc_part2->server,
&cred->server)) {
cleanup();
return retval;
}
if (retval = encode_krb5_ticket(dec_rep->ticket, &scratch)) {
cleanup();
krb5_free_addresses(cred->addresses);
return retval;
}
-------------------------------------------------------------------------------
Finally we noticed some problems with an application which was the
parent of many children. When the children all terminated at about the same
time, and the parent was in the process of waiting for a response from
the KDC, "krb5_sendto_kdc()", the parent would return with the message that
it was not able to send to the KDC.
The problem was that krb5_sendto_kdc was retransmitting the packet each
time, then going into the select(). The select would be interrupted
by the death of a child, and retransmit. Well if you have enough children
dieing at the same time, to the point where the select is continually being
interrupted by the death of a child then the timeout will eventually be
greater than krb5_max_skdc_timeout. The following is our solution to the
problem. The number of times in which the select could be interrupted (3)
was an arbitary number.
Obviously this was an intermittent problem.
File:lib/os/sendto_kdc.c Routine: krb5_sendto_kdc
struct timeval waitlen;
+ int cc, retry_count;
extern int errno;
.
.
.
+retry:
waitlen.tv_usec = 0;
waitlen.tv_sec = timeout;
FD_ZERO(&readable);
FD_SET(socklist[addr[host].sa_family], &readable);
if (nready = select(1 + socklist[addr[host].sa_family],
&readable,
0,
0,
&waitlen)) {
if (nready == -1) {
+ if (errno == EINTR){
+ if (retry_count > 3){
+ retry_count = 0;
+ continue;
+ }
+ goto retry;
+ }
retval = errno;
goto out;
}
-----------------------------------------------------------------------------
Glenn Machin - SNL
