[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: memory leak in some Kerberos APIs?

To: <heimdal-discuss@sics.se>
Subject: FW: memory leak in some Kerberos APIs?
From: Kent_Wu@trendmicro.com
Date: Fri, 6 Jun 2003 11:00:22 -0700
Sender: owner-heimdal-discuss@sics.se
Thread-Index: AcMryJ0iBLwS+TgfQ9y387dsKYE3xgAjLLJA
Thread-Topic: memory leak in some Kerberos APIs?

Hi:

	I posted this in MIT discussion group already but am thinking maybe I can get some feedback in this group as well.

Thx a lot.

Kent

-----Original Message-----
From: Kent Wu (RD-US) 
Sent: Thursday, June 05, 2003 6:12 PM
To: krbdev@mit.edu
Subject: memory leak in some Kerberos APIs?


Hi:

	In my Solaris 8 machine I used some MIT Kerberos API/library to get the TGT from a KDC, it works fine however according to my Sun workshop there are some memory leaks reported as well. Below is the snippet of the source code, it's very simple, all it does just to get a TGT then stores it in a cache. I already invoked some resource de-allocation APIs at the end. And the version I downloaded is binary version of krb5-1.2.8 for Solaris 2.8. I also attached the memory leak report from Workshop for your reference. 
	
	There are total 4 leaking instances, 3 are from krb5_get_init_creds_password() basically, another one is from gss_init_sec_context() which I invoked it later. This API is from libgssapi_krb5.so which is also from the downloaded Kerberos package. The odd thing is before I used GSS-API which comes with Solaris 8 and it didn't have the leaking problem, I switched to libgssapi_krb5.so since when I linked with libkrb5.so and libk5crypto.so then SUN's gss_init_sec_context() would complain due to some library conflict I think:

Cannot create context
GSS-API error initializing context: An invalid name was supplied
GSS-API error initializing context: Hostname cannot be canonicalized 

After I switched it can work as long as I changed the GSS_C_NT_HOSTBASED_SERVICE to gss_nt_service_name while invoking gss_import_name() however one leaking instance came out as well.

	Did I miss something here or this is an known issue already or it's just a false alarm from workshop?

Thx a lot.

Kent

  ...........	
 
  /* get the TGT from KDC */

  if (ret = krb5_init_context(&context)) {
      com_err(argv[0], ret, "initializing kerberos library");
      exit(1);
  }	

  if (ret = krb5_parse_name(context, pname, &princ)) {
	 com_err(argv[0], ret, "parsing client name");
	 exit(1);
  }	

  if (ret = krb5_get_init_creds_password(context, 
				 	 &creds, 
					 princ, 
					 PASSWD,
					 0,//krb5_prompter_posix, 
					 0, 
					 0, 
					 0,//"kadmin/changepw", 
					 0//&opts
					 )) {
      if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY)
		com_err(argv[0], 0, "Password incorrect while getting initial ticket");
      else
		com_err(argv[0], ret, "getting initial ticket");
      exit(1);
  }

  /* save the TGT to cache */

  krb5_ccache cc;

  if ((ret = krb5_cc_default(context, &cc))) {
	    com_err(argv[0], ret, "while getting default ccache");
	    return 0;
  }

  if (ret = krb5_cc_initialize(context, cc, princ)) {
	    com_err(argv[0], ret, "when initializing cache");
	    goto cleanup;
  }

  if (ret = krb5_cc_store_cred(context, cc, &creds)) {
		com_err(argv[0], ret, "while storing credentials");
		goto cleanup;
  }

  /* clean up Kerberos resources */

cleanup:

  if (creds.client == princ) {
	creds.client = 0;
  }
  
  krb5_free_cred_contents(context, &creds);

  if (princ)
	krb5_free_principal(context, princ);

  if (cc)
	krb5_cc_close(context, cc);

  if (context)
	krb5_free_context(context);
  
  ........	

/***************************************************************************************/

 Actual leaks report    (actual leaks:         4  total size:      57 bytes)
 Total  Num of  Leaked      Allocation call stack
 Size   Blocks  Block
                Address
======  ====== ==========  =======================================
    25       1    0x2bbd8   asn1buf_remove_octetstring<-
asn1_decode_octetstring<-asn1_decode_etype_info_entry<-asn1_decode_etype_info
<-decode_krb5_etype_info<-krb5_do_preauth<-krb5_get_init_creds<-
krb5_get_init_creds_password

    16       1    0x2ab88   calloc<-asn1_decode_etype_info<-
decode_krb5_etype_info<-krb5_do_preauth<-krb5_get_init_creds<-
krb5_get_init_creds_password<-main

     8       1    0x2b2b8   get_profile_etype_list<-krb5_get_tgs_ktypes<-
krb5_gss_init_sec_context<-gss_init_sec_context<-main

     8       1    0x36248   asn1_decode_etype_info<-decode_krb5_etype_info<-
krb5_do_preauth<-krb5_get_init_creds<-krb5_get_init_creds_password<-main




_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

Follow-Ups:
- Re: FW: memory leak in some Kerberos APIs?
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: gss_wrap_size_limit()
Next by Date: Re: FW: memory leak in some Kerberos APIs?
Prev by thread: Re: [Heimdal PATCH] LDAP backend support for OpenLDAP 2.1.x
Next by thread: Re: FW: memory leak in some Kerberos APIs?
Index(es):
- Date
- Thread