Memory Leak problems with krb5_get_init_creds_password?

Chet Burgess cfb at usc.edu
Fri Aug 12 20:44:21 EDT 2005 

All,
	I am having a problem with the krb5_get_init_creds_password
API call. It looks like it is causing a memory leak, or perhaps I am
not freeing things properly. I am trying to write a pretty simple
plugin to an existing application to do kerberos authentication. While
I got everything working properly and authenticating, during a 12-hour
stress test I noticed a 4.5GB memory leak.

	I have written a simple program that exploits. The simple
program is included at the bottom of the message. I saw messages from
September of 2004 about a similiar problem with this function call,
but I never saw any resolution to this problem. I have observed this
problem using versions 5-1.4.1 (32-bit), 5-1.4.1 (64-bit), and 5-1.4.2
(64-bit) all compiled on Solaris 9 with the Sun Forte compiler (note
that I have not yet compiled/tested this on a 32-bit version of
5-1.4.2, but at this point I don't think that matters). 

	So does anyone have any ideas? Am I calling something
incorrectly, or not freeing memory when I should be?

--example program--

#include <stdio.h>
#include <string.h>
#include <krb5.h>

#define PRINC "blah at REALM.COM"
#define PASS "password"

int
main(int argc, char **argv) {

  int            r = 0;
  krb5_context   krb_context = 0;      /* Kerberos context      */
  krb5_principal krb_princ = 0;        /* Kerberos principal    */
  krb5_creds     krb_creds;            /* Kerberos credentials  */

  while (1) {
    memset(&krb_creds, 0, sizeof(krb_creds)); 
    if ((r = krb5_init_context(&krb_context)) != 0) {
      printf("Could not init krb_contexti: %s\n", error_message(r));
      goto cleanup;
    } 
    if ((r = krb5_parse_name(krb_context, PRINC, &krb_princ)) != 0) {
      printf("Could not build krb_princ: %s\n", error_message(r));
      goto cleanup;
    }
    if ((r = krb5_get_init_creds_password(krb_context, &krb_creds,
					  krb_princ, PASS, NULL, 0, 0,
					  NULL, 0)) != 0) {
      printf("Kerb auth failed: %s\n", error_message(r));
      goto cleanup;
    }
    
    printf("Auth successful!\n");
    goto cleanup;
    
  cleanup:
    krb5_free_creds(krb_context, &krb_creds);
    if (krb_princ) krb5_free_principal(krb_context, krb_princ);
    if (krb_context) krb5_free_context(krb_context);
  }
}

-- 
Chet Burgess

Manager, Enterprise Collaboration Services
Information Services Division
University of Southern California
cfb at usc.edu
213-740-5160
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20050812/67f57a42/attachment.bin

More information about the Kerberos mailing list