RT RT/krbdev.mit.edu: Ticket #6949 TCP connection leak with 1.9.1, with connect_to_server() Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
6949
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
  • 1.9.2
Target_Version
  • 1.9.2
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Fri Aug 26 11:39:12 2011
Starts: Not set
Started: Fri Aug 26 13:56:45 2011
Last Contact: Tue Oct 18 16:42:54 2011
Due: Not set
Updated: Wed Dec 16 18:02:57 2015 by tlyu
 

 People  
Owner
 ghudson
Requestors
 juha.erkkila@opinsys.fi
Cc
 
AdminCc
 
 

 More about Juha Erkkil√§  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Fri Aug 26 11:39:12 2011  juha.erkkila@opinsys.fi - Ticket created    
     
Date: Fri, 26 Aug 2011 07:25:31 -0000 (UTC)
From: Juha Erkkilä <juha.erkkila@opinsys.fi>
To: krb5-bugs@mit.edu
Subject: TCP connection leak with 1.9.1, with connect_to_server()

TCP connection leak with 1.9.1, with connect_to_server()

Hi,

It seems I have run into a problem with MIT Kerberos version 1.9.1,
that did not occur in some previous versions.  The addition of
connect_to_server() in src/lib/kadm5/clnt/client_init.c appears to cause
TCP socket leak.  For every new connection, connect_to_server() is used
and it provides the socket to clnttcp_create(), but clnttcp_*-functions
leave the responsibility of closing the socket to the layer that created
the socket.  Thus, kadm5_destroy() and clnt_destroy() will not close
the socket created in connect_to_server().

If I understand the API correctly, calling:

kadm5_init_krb5_context(&context)
kadm5_init_with_skey(context, ..., &kadm5_handle)
  ...
kadm5_destroy(kadm5_handle)

should not produce such a leak.

Here's a patch that fixes the problem by making the clnt_destroy()
function take care of closing the socket.  I don't know if this
is a proper way to solve the issue, though.

Juha

diff -ruN krb5-1.9.1+dfsg.debpatched/src/include/gssrpc/clnt.h krb5-
1.9.1+dfsg/src/include/gssrpc/clnt.h
--- krb5-1.9.1+dfsg.debpatched/src/include/gssrpc/clnt.h        2011-06-02
16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/include/gssrpc/clnt.h   2011-08-25 17:04:46.000000000 +0300
@@ -273,9 +273,10 @@
  *     register int *sockp;
  *     u_int sendsz;
  *     u_int recvsz;
+ *     int always_closesocket;
  */
 extern CLIENT *clnttcp_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
-                             int *, u_int, u_int);
+                             int *, u_int, u_int, int);

 /*
  * UDP based rpc.
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/kadm5/clnt/client_init.c krb5-
1.9.1+dfsg/src/lib/kadm5/clnt/client_init.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/kadm5/clnt/client_init.c 2011-06-02
16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/kadm5/clnt/client_init.c    2011-08-25 17:04:46.000000000
+0300
@@ -293,7 +293,7 @@
     if (code)
         goto error;

-    handle->clnt = clnttcp_create(NULL, rpc_prog, rpc_vers, &fd, 0, 0);
+    handle->clnt = clnttcp_create(NULL, rpc_prog, rpc_vers, &fd, 0, 0, 1);
     if (handle->clnt == NULL) {
         code = KADM5_RPC_ERROR;
 #ifdef DEBUG
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_generic.c krb5-
1.9.1+dfsg/src/lib/rpc/clnt_generic.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_generic.c       2011-06-02
16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/rpc/clnt_generic.c  2011-08-25 17:04:46.000000000 +0300
@@ -101,7 +101,7 @@
                clnt_control(client, CLSET_TIMEOUT, &tv);
                break;
        case IPPROTO_TCP:
-               client = clnttcp_create(&sockin, prog, vers, &sock, 0, 0);
+               client = clnttcp_create(&sockin, prog, vers, &sock, 0, 0, 0);
                if (client == NULL) {
                        return (NULL);
                }
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_tcp.c krb5-
1.9.1+dfsg/src/lib/rpc/clnt_tcp.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_tcp.c   2011-06-02 16:24:25.000000000
+0300
+++ krb5-1.9.1+dfsg/src/lib/rpc/clnt_tcp.c      2011-08-25 17:04:46.000000000 +0300
@@ -127,7 +127,8 @@
        rpcvers_t vers,
         SOCKET *sockp,
        u_int sendsz,
-       u_int recvsz)
+       u_int recvsz,
+       int always_closesocket)
 {
        CLIENT *h;
        register struct ct_data *ct = 0;
@@ -178,7 +179,7 @@
                }
                ct->ct_closeit = TRUE;
        } else {
-               ct->ct_closeit = FALSE;
+               ct->ct_closeit = always_closesocket ? TRUE : FALSE;
        }

        /*
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/rpc/pmap_getmaps.c krb5-
1.9.1+dfsg/src/lib/rpc/pmap_getmaps.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/rpc/pmap_getmaps.c       2011-06-02
16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/rpc/pmap_getmaps.c  2011-08-25 17:04:46.000000000 +0300
@@ -75,7 +75,7 @@
        minutetimeout.tv_usec = 0;
        address->sin_port = htons(PMAPPORT);
        client = clnttcp_create(address, PMAPPROG,
-           PMAPVERS, &sock, 50, 500);
+           PMAPVERS, &sock, 50, 500, 0);
        if (client != (CLIENT *)NULL) {
                if (CLNT_CALL(client, PMAPPROC_DUMP, xdr_void, NULL, xdr_pmaplist,
                    &head, minutetimeout) != RPC_SUCCESS) {


Download (untitled) 4.1k
      Fri Aug 26 13:56:45 2011  ghudson - Given to ghudson    
      Fri Aug 26 13:56:45 2011  ghudson - Status changed from new to review    
      Fri Aug 26 13:56:45 2011  ghudson - Correspondence added    
     
From: ghudson@mit.edu
Subject: SVN Commit


Remember and close the kadmin socket we opened.

Prior to ticket #6746, the RPC library opened the kadmin socket and
took responsibility for closing.  When we added IPv6 support, the
calling code became the owner of the socket but wasn't closing it,
resulting in a file descriptor leak.

https://github.com/krb5/krb5/commit/de196505008b476133ad5890963610833f1a089d
Commit By: ghudson
Revision: 25115
Changed Files:
U   trunk/src/lib/kadm5/clnt/client_init.c
U   trunk/src/lib/kadm5/clnt/client_internal.h


Download (untitled) 506b
      Fri Aug 26 13:57:20 2011  ghudson - Target_Version 1.9.2 added    
      Fri Aug 26 13:57:20 2011  ghudson - Tags pullup added    
      Tue Oct 18 16:42:53 2011  tlyu - Status changed from review to resolved    
      Tue Oct 18 16:42:53 2011  tlyu - Version_Fixed 1.9.2 added    
      Tue Oct 18 16:42:53 2011  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: SVN Commit


pull up r25115 from trunk

 ------------------------------------------------------------------------
 r25115 | ghudson | 2011-08-26 13:56:44 -0400 (Fri, 26 Aug 2011) | 9 lines

 ticket: 6949

 Remember and close the kadmin socket we opened.

 Prior to ticket #6746, the RPC library opened the kadmin socket and
 took responsibility for closing.  When we added IPv6 support, the
 calling code became the owner of the socket but wasn't closing it,
 resulting in a file descriptor leak.

https://github.com/krb5/krb5/commit/0899a4eb6b3c5f383a47f329935ae07d8ccf36c6
Commit By: tlyu
Revision: 25379
Changed Files:
U   branches/krb5-1-9/src/lib/kadm5/clnt/client_init.c
U   branches/krb5-1-9/src/lib/kadm5/clnt/client_internal.h


Download (untitled) 724b
      Wed Dec 16 18:02:57 2015  tlyu - Keyword pullup deleted