Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1475

I noticed this while unit testing new code in our WebISO system to make
sure I matched up all the krb5 alloc/free calls. I'm pretty sure
it wasn't happening pre 1.3 with krb5 grabbed directly from MIT.

I've got some abstraction of the Kerberos library calls going on, so
doing a single krb5_init_context would be slightly painful, as I also
wouldn't want to resort to a static variable to hold it, assuming I
have no other place to hang it.

What about adding reference counting to {add,free}_error_table?
Not sure if thats the location you were suggesting, but that seems like
the place to put it. If the error_table passed in to add_error_table is
already in the list, then up the ref count. And in free_error_table,
decrement and garbage collect if need be.

That would at least cap the leak from calling add_error_table multiple
times on the same error table without a free_error_table.

Of course all this error table stuff is not thread-safe since it uses
static variable and no mutexes. Any work going on to make krb5/gssapi
thread safe?

thanks, roland (schemers@stanford.edu)

> While in theory - we could add a reference count for each error table,
> krb5_free_ets does nothing...
> 
> A simple code change would be to lib/krb5/error_tables/init_ets to have
> a simple reference count which is incremented when someone calls it - 
> and a decrement in free_ets would make sense - then have free_ets
> release the error table if the count reaches zero.
> 
> 	Ezra