Subject: Memory leak in save_error_string_nocopy()
From: Tim Pozdeev <TIMOFEY.POZDEEV@saic.com>
To: krb5-bugs@mit.edu
Date: Wed, 15 Dec 2010 13:49:55 +1100
krb5 version 1.8.3. It also applies to version 1.7.x.
There is a memory leak in save_error_string_nocopy() in disp_status.c.
Using umem and gcore leak detection under Solaris highlights the
following leak.
umem_alloc_16 leak: 84 buffers, 16 bytes each, 1344 bytes total
ADDR BUFADDR TIMESTAMP THREAD
CACHE LASTLOG CONTENTS
592b7e0 5929750 1b4ec693e03bcb 172
226a028 221ac00 0
libumem.so.1`umem_cache_alloc_debug+0x12b
libumem.so.1`umem_cache_alloc+0xc8
libumem.so.1`umem_alloc+0xaf
libumem.so.1`malloc+0x2e
libgssapi_krb5.so.2`gss_krb5_save_error_string_nocopy+0x2e
libgssapi_krb5.so.2`krb5_gss_save_error_string+0x2f
libgssapi_krb5.so.2`krb5_gss_save_error_info+0x2b
libgssapi_krb5.so.2`krb5_gss_validate_cred+0x6e
libgssapi_krb5.so.2`krb5_gss_init_sec_context+0x175
libgssapi_krb5.so.2`gss_init_sec_context+0x27c
The memory allocated on line 81 (in disp_status.c) never gets freed.
79: p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE);
80: if (!p) {
81: p = malloc(sizeof(*p)); <<<--- here
82: if (p == NULL) {
83: ret = 1;
The fix is to free the memory in krb5_gss_delete_error_info():
--- disp_status.c Tue Dec 8 11:04:48 2009
+++ disp_status.c-fixed Wed Dec 15 12:00:12 2010
@@ -148,6 +148,7 @@
void krb5_gss_delete_error_info(void *p)
{
gsserrmap_destroy(p);
+ free(p);
}
/**/
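Review bot: free(p) after gsserrmap_destroy(p) is safe only if gsserrmap_destroy() releases the map's entries and leaves the struct itself allocated; the patch should say so, ideally in a short comment above the free(p) line, so that a later change to gsserrmap_destroy() does not turn this into a double free. The umem trace in the report (16-byte buffers from the malloc at line 81 still live) supports that reading. Since the report says 1.7.x is affected as well, the same one-line change needs to go to that branch too.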
Tim
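The leak pattern in this report, reproduced as an added example that is not part of the original message or of krb5. POSIX thread-specific storage stands in for k5_getspecific(), on the assumption that krb5_gss_delete_error_info() runs as the destructor for that key; struct errmap, xmalloc(), xfree() and leaked_blocks() are hypothetical names, and the error text is constructed.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the per-thread error map; not krb5's real type. */
struct errmap { char *msg; };
static int live_allocs; /* outstanding heap blocks; threads below run one at a time */
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Releases what the map owns, but not the map struct itself. */
static void errmap_destroy(struct errmap *m) { xfree(m->msg); m->msg = NULL; }
static void delete_leaky(void *p) { errmap_destroy(p); }           /* before the patch */
static void delete_fixed(void *p) { errmap_destroy(p); xfree(p); } /* after the patch */

/* Allocate the per-thread map lazily on first use, like lines 79-81 of the report. */
static void *worker(void *arg)
{
    pthread_key_t key = *(pthread_key_t *)arg;
    struct errmap *m = pthread_getspecific(key);
    if (!m) {
        m = xmalloc(sizeof(*m));
        if (m == NULL || pthread_setspecific(key, m) != 0) { xfree(m); return NULL; }
    }
    m->msg = xmalloc(32);
    if (m->msg) strcpy(m->msg, "constructed error text");
    return NULL;
}

/* Run nthreads short-lived threads; return heap blocks still live after all exit. */
int leaked_blocks(int fixed, int nthreads)
{
    pthread_key_t key;
    pthread_t t;
    live_allocs = 0;
    if (pthread_key_create(&key, fixed ? delete_fixed : delete_leaky) != 0) return -1;
    for (int i = 0; i < nthreads; i++) {
        if (pthread_create(&t, NULL, worker, &key) != 0) return -1;
        pthread_join(t, NULL);   /* the key destructor has run by the time join returns */
    }
    pthread_key_delete(key);
    return live_allocs;
}

int main(void)
{
    printf("leaky: %d blocks, fixed: %d blocks\n", leaked_blocks(0, 84), leaked_blocks(1, 84));
    return 0;
}
```

Build with `cc -pthread`. Each exiting thread strands exactly one map struct under the leaky destructor, which is why the cost grows with the number of threads that ever hit the error path.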