To: | krb5-bugs@mit.edu |
Subject: | socket leak in sendto_kdc.c, start_connection() |
From: | Bill Dodd <bdodd@austin.ibm.com> |
Date: | 24 Feb 2004 17:56:29 -0600 |
In start_connection(), if the connect() fails (e.g. with ECONNREFUSED),
an error is returned, but the socket is not closed.
To observe the leak, set udp_preference_limit to 1 in krb5.conf and
run kdc5_hammer with a large repeat count against a kdc that only
listens on UDP. Observe the open files/sockets with lsof. A contrived
scenario to be sure, but it can be seen in more legitimate cases as
well.
Observed on 1.3.2-beta5, but it exists in all 1.3.X releases.
Patch follows:
*** sendto_kdc.c.orig Fri Dec 5 19:30:42 2003
--- sendto_kdc.c Tue Feb 24 14:37:47 2004
***************
*** 563,566 ****
--- 563,568 ----
} else {
dprint("connect failed: %m\n", SOCKET_ERRNO);
+ dprint("closing fd %d\n", fd);
+ (void) closesocket(fd);
state->err = SOCKET_ERRNO;
state->state = FAILED;