Return-Path: <krb5-bugs-incoming-bounces@PCH.mit.edu>
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id A96363DC26; Fri, 26 Aug 2011 11:39:10 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p7QFdAcE029918; Fri, 26 Aug 2011 11:39:10 -0400
Received: from mailhub-dmz-4.mit.edu (MAILHUB-DMZ-4.MIT.EDU [18.7.62.38]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id p7Q7YK7P015885 for <krb5-bugs-incoming@PCH.mit.edu>; Fri, 26 Aug 2011 03:34:20 -0400
Received: from dmz-mailsec-scanner-7.mit.edu (DMZ-MAILSEC-SCANNER-7.MIT.EDU [18.7.68.36]) by mailhub-dmz-4.mit.edu (8.13.8/8.9.2) with ESMTP id p7Q7YI5l004414 for <krb5-bugs@mit.edu>; Fri, 26 Aug 2011 03:34:20 -0400
X-Auditid: 12074424-b7bcaae000000a05-ba-4e574ca8cadf
Authentication-Results: symauth.service.identifier
Received: from mail.opinsys.fi (ax13.adsl.tnnet.fi [217.112.254.13]) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id B9.DF.02565.9AC475E4; Fri, 26 Aug 2011 03:35:05 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by mail.opinsys.fi (Postfix) with ESMTP id 8E29620B687 for <krb5-bugs@mit.edu>; Fri, 26 Aug 2011 10:25:33 +0300 (EEST)
X-Virus-Scanned: amavisd-new at opinsys.fi
Received: from mail.opinsys.fi ([127.0.0.1]) by localhost (mail.opinsys.fi [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U980kmwH9jpD for <krb5-bugs@mit.edu>; Fri, 26 Aug 2011 10:25:31 +0300 (EEST)
Received: from mail.opinsys.fi (mail.opinsys.fi [10.246.133.21]) by mail.opinsys.fi (Postfix) with ESMTP id 4B42320B684 for <krb5-bugs@mit.edu>; Fri, 26 Aug 2011 10:25:31 +0300 (EEST)
Date: Fri, 26 Aug 2011 07:25:31 -0000 (UTC)
From: Juha Erkkilä <juha.erkkila@opinsys.fi>
To: krb5-bugs@mit.edu
Subject: TCP connection leak with 1.9.1, with connect_to_server()
Message-ID: <b7940fff-e7e7-4771-a64f-f6b12f60b500@mail>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Originating-Ip: [89.236.108.17]
X-Mailer: Zimbra 7.0.0_GA_3077 (ZimbraWebClient - FF3.0 (Linux)/7.0.0_GA_3077)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGKsWRWlGSWpSXmKPExsVys+Afr+5Kn3A/gw+dihYND4+zOzB6NJ05 yhzAGMVlk5Kak1mWWqRvl8CVsXPXLsaCDUoVy3d8YmtgnCfVxcjJISFgIvHl/kF2EJtRwEhi 97lXrBBxMYkL99azdTFycQgJnGWU+Dv3JTOEs5pR4ue5pewQVVoSmx+8YIdIXGKUOH+xkwXC 2c0oMWHzM7AqFgFtiTOre5lAbDYBW4lru+aygdgiAqISL/8eYwGxhQUcJR68mA8W5xUwl+i4 vRTsDmYBdYk/8y4xQ9jyEtvfzmGGqBGUODnzCQvEFYoSu89OhbL9JA7O+ss2gVFoFpL2WUja ZyFpX8DIvIpRNiW3Sjc3MTOnODVZtzg5MS8vtUjXXC83s0QvNaV0EyMwkIXYXVR2MDYfUjrE KMDBqMTDezEnzE+INbGsuDL3EKMkB5OSKC+PZ7ifEF9SfkplRmJxRnxRaU5q8SFGCQ5mJRHe ej2gHG9KYmVValE+TEqag0VJnNdmp4OfkEB6YklqdmpqQWoRTJaJg/0QowwHh5IE7wZvoG7B otT01Iq0zJwSZDWcIIILZA0P0JoZIIW8xQWJucWZ6RBFpxgVpcR5t4AkBEASGaV5cANAyaf+ ////lxhlpYR5GRkYGIR4gC4AehwhD0perxjFgZ4W5p0OMoUnM68EbvoroMVMQItVHMEWlyQi pKQaGOMXHo81Onp/7uYrafmCnye2LukUkdreUp1wROeIc0j1gtUarqGin4tCWZNKGDMYr5nP v2TxZ3JGcuGaUIGvej5qctmsz9Yr8N54xh05e32Gr68K13aLqvmX9S/GaLIqb+b4fnxyfn0I W96zDimbA3IC7NUfO3bm2IjzmCgveOxa13a3YQ6HEktxRqKhFnNRcSIAiJjWDjkDAAA=
X-Mailman-Approved-At: Fri, 26 Aug 2011 11:39:05 -0400
X-Beenthere: krb5-bugs-incoming@mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Sender: krb5-bugs-incoming-bounces@PCH.mit.edu
Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu
Content-Length: 4299

TCP connection leak with 1.9.1, with connect_to_server()

Hi,

It seems I have run into a problem with MIT Kerberos version 1.9.1,
that did not occur in some previous versions.  The addition of
connect_to_server() in src/lib/kadm5/clnt/client_init.c appears to cause
TCP socket leak.  For every new connection, connect_to_server() is used
and it provides the socket to clnttcp_create(), but clnttcp_*-functions
leave the responsibility of closing the socket to the layer that created
the socket.  Thus, kadm5_destroy() and clnt_destroy() will not close
the socket created in connect_to_server().

If I understand the API correctly, calling:

kadm5_init_krb5_context(&context)
kadm5_init_with_skey(context, ..., &kadm5_handle)
  ...
kadm5_destroy(kadm5_handle)

should not produce such a leak.

Here's a patch that fixes the problem by making the clnt_destroy()
function take care of closing the socket.  I don't know if this
is a proper way to solve the issue, though.

Juha

diff -ruN krb5-1.9.1+dfsg.debpatched/src/include/gssrpc/clnt.h krb5-1.9.1+dfsg/src/include/gssrpc/clnt.h
--- krb5-1.9.1+dfsg.debpatched/src/include/gssrpc/clnt.h        2011-06-02 16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/include/gssrpc/clnt.h   2011-08-25 17:04:46.000000000 +0300
@@ -273,9 +273,10 @@
  *     register int *sockp;
  *     u_int sendsz;
  *     u_int recvsz;
+ *     int always_closesocket;
  */
 extern CLIENT *clnttcp_create(struct sockaddr_in *, rpcprog_t, rpcvers_t,
-                             int *, u_int, u_int);
+                             int *, u_int, u_int, int);

 /*
  * UDP based rpc.
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/kadm5/clnt/client_init.c krb5-1.9.1+dfsg/src/lib/kadm5/clnt/client_init.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/kadm5/clnt/client_init.c 2011-06-02 16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/kadm5/clnt/client_init.c    2011-08-25 17:04:46.000000000 +0300
@@ -293,7 +293,7 @@
     if (code)
         goto error;

-    handle->clnt = clnttcp_create(NULL, rpc_prog, rpc_vers, &fd, 0, 0);
+    handle->clnt = clnttcp_create(NULL, rpc_prog, rpc_vers, &fd, 0, 0, 1);
     if (handle->clnt == NULL) {
         code = KADM5_RPC_ERROR;
 #ifdef DEBUG
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_generic.c krb5-1.9.1+dfsg/src/lib/rpc/clnt_generic.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_generic.c       2011-06-02 16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/rpc/clnt_generic.c  2011-08-25 17:04:46.000000000 +0300
@@ -101,7 +101,7 @@
                clnt_control(client, CLSET_TIMEOUT, &tv);
                break;
        case IPPROTO_TCP:
-               client = clnttcp_create(&sockin, prog, vers, &sock, 0, 0);
+               client = clnttcp_create(&sockin, prog, vers, &sock, 0, 0, 0);
                if (client == NULL) {
                        return (NULL);
                }
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_tcp.c krb5-1.9.1+dfsg/src/lib/rpc/clnt_tcp.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/rpc/clnt_tcp.c   2011-06-02 16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/rpc/clnt_tcp.c      2011-08-25 17:04:46.000000000 +0300
@@ -127,7 +127,8 @@
        rpcvers_t vers,
         SOCKET *sockp,
        u_int sendsz,
-       u_int recvsz)
+       u_int recvsz,
+       int always_closesocket)
 {
        CLIENT *h;
        register struct ct_data *ct = 0;
@@ -178,7 +179,7 @@
                }
                ct->ct_closeit = TRUE;
        } else {
-               ct->ct_closeit = FALSE;
+               ct->ct_closeit = always_closesocket ? TRUE : FALSE;
        }

        /*
diff -ruN krb5-1.9.1+dfsg.debpatched/src/lib/rpc/pmap_getmaps.c krb5-1.9.1+dfsg/src/lib/rpc/pmap_getmaps.c
--- krb5-1.9.1+dfsg.debpatched/src/lib/rpc/pmap_getmaps.c       2011-06-02 16:24:25.000000000 +0300
+++ krb5-1.9.1+dfsg/src/lib/rpc/pmap_getmaps.c  2011-08-25 17:04:46.000000000 +0300
@@ -75,7 +75,7 @@
        minutetimeout.tv_usec = 0;
        address->sin_port = htons(PMAPPORT);
        client = clnttcp_create(address, PMAPPROG,
-           PMAPVERS, &sock, 50, 500);
+           PMAPVERS, &sock, 50, 500, 0);
        if (client != (CLIENT *)NULL) {
                if (CLNT_CALL(client, PMAPPROC_DUMP, xdr_void, NULL, xdr_pmaplist,
                    &head, minutetimeout) != RPC_SUCCESS) {