Memory Leak problems with krb5_get_init_creds_password?
Chet Burgess
cfb at usc.edu
Wed Aug 17 10:58:03 EDT 2005
On Wed, Aug 17, 2005 at 12:07:40PM +0000, Jeffrey Altman wrote:
> Chet Burgess wrote:
>
> > It is important to note that even if you have the
> > REALM and KDC(s) listed in the file properly the library will still
> > try DNS first, so you MUST add "dns_fallback = false" to turn off the
> > resolver calls.
>
> I am fairly sure that DNS is not used in preference to the configuration
> data in the krb5.conf file. However, the library probably calls the
> resolver library init routine prior to making a request.
The res_ninit() call and the subsequent calls for the DNS
records are made in the krb5int_dns_init function found at
src/lib/krb5/os. The res_ninit() call is made for every lookup. As for
the DNS vs. config file variable, I had a proper krb5.conf file that
listed the REALM and the KDCs; until I added "dns_fallback = false"
to the config file it would always try DNS then look at the config
file.
> Are you suggesting that calling res_init() repeatedly from the same
> thread results in a memory leak?
Suggesting? I guess I was not clear: calling res_ninit() more
than once will result in a memory leak on Solaris (and on Linux,
though I have not tested this).
Neither Solaris (nor Linux) makes available a function to free
the memory allocated to a resolver state by res_ninit(). Other flavors
of Unix have a function called res_ndestroy() for just this sort of
thing. In fact Solaris has this function but it is marked as local in
the library so you cannot link against it.
cfb at sandman:> nm /usr/lib/libresolv.so | grep res_ndestroy
[200] | 194936| 60|FUNC |LOCL |0 |9 |res_ndestroy
The Kerberos developers in fact seem to know/understand this
as they have a report of this problem on the krb5-bugs mailing list
(http://mailman.mit.edu/pipermail/krb5-bugs/2005-January/003549.html).
Below is a simple example program that exploits this problem.
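    #include <sys/types.h>
    #include <netinet/in.h>
    #include <arpa/nameser.h>
    #include <resolv.h>
    #include <stdio.h>
    #include <string.h>

    int
    main(int argc, char **argv) {
        struct __res_state statbuf;
        int ret = 0;

        /* Loops forever: each pass initialises a fresh resolver state. */
        while (1) {
            ret = res_ninit(&statbuf);
            if (ret != 0) printf("Init error!\n");
            /* No res_ndestroy() is available to release the state, so
               any memory res_ninit() allocated is never freed. */
            res_nclose(&statbuf);
            printf("Done!\n");
        }
    }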
Compile with something like (this would be for a 64-bit version):
    cc -Iinclude -D_REENTRANT -KPIC -xarch=v9 -DUSE_64 -g -c -o resolvtest.o resolvtest.c
    cc -o resolvtest -Iinclude -D_REENTRANT -KPIC -xarch=v9 -DUSE_64 -g -lresolv -lsocket -lnsl resolvtest.o
--
Chet Burgess
Manager, Enterprise Collaboration Services
Information Services Division
University of Southern California
cfb at usc.edu
213-740-5160
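
Added example (not part of the original message and not MIT Kerberos code): a bounded C check that compares the per-lookup res_ninit()/res_nclose() pattern described above with initialising the resolver state once and reusing it, reporting peak-RSS growth via getrusage(). The names resolver_rss_growth and resolver_init_calls are hypothetical, and the loop issues no actual DNS queries.

```c
/* Added example, not from the original post. */
#include <sys/types.h>
#include <sys/resource.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdio.h>
#include <string.h>

static long init_calls;   /* number of res_ninit() calls in the last run */

/* Peak resident set size (kilobytes on Linux; units vary elsewhere). */
static long peak_rss(void) {
    struct rusage ru;
    return getrusage(RUSAGE_SELF, &ru) == 0 ? (long)ru.ru_maxrss : -1;
}

/*
 * Run `iterations` lookup slots; return peak-RSS growth, or -1 on error.
 *   reuse == 0: res_ninit()/res_nclose() around every slot (post's pattern)
 *   reuse != 0: res_ninit() once, reuse the state, res_nclose() once
 */
long resolver_rss_growth(long iterations, int reuse) {
    struct __res_state st;
    long before = peak_rss(), after, i;

    init_calls = 0;
    if (before < 0) return -1;
    for (i = 0; i < iterations; i++) {
        if (!reuse || i == 0) {            /* (re)initialise the state */
            memset(&st, 0, sizeof st);
            if (res_ninit(&st) != 0) return -1;
            init_calls++;
        }
        /* a real caller would issue res_nquery(&st, ...) here */
        if (!reuse || i == iterations - 1)
            res_nclose(&st);
    }
    after = peak_rss();
    return after < 0 ? -1 : after - before;
}

long resolver_init_calls(void) { return init_calls; }

int main(void) {
    printf("init per lookup: +%ld\n", resolver_rss_growth(100000, 0));
    printf("init once:       +%ld\n", resolver_rss_growth(100000, 1));
    return 0;
}
```

Because ru_maxrss is a high-water mark, run the per-lookup case first; growth that scales with the iteration count there and not in the init-once case points to the resolver-state leak.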