Memory Leak problems with krb5_get_init_creds_password?

Chet Burgess cfb at usc.edu
Wed Aug 17 10:58:03 EDT 2005


On Wed, Aug 17, 2005 at 12:07:40PM +0000, Jeffrey Altman wrote:
> Chet Burgess wrote:
> 
> > It is important to note that even if you have the
> > REALM and KDC(s) listed in the file properly the library will still
> > try DNS first, so you MUST add "dns_fallback = false" to turn off the
> > resolver calls.
> 
> I am fairly sure that DNS is not used in preference to the configuration
> data in the krb5.conf file.   However, the library probably calls the
> resolver library init routine prior to making a request.

	The res_ninit() call and the subsequent calls for the DNS
records are made in the krb5int_dns_init function found at
src/lib/krb5/os. The res_ninit() call is made for every lookup. As for
the DNS vs. config file variable, I had a proper krb5.conf file that
listed the REALM and the KDCs, until I added "dns_fallback = false"
to the config file it would always try DNS then look at the config
file.

> Are you suggesting that calling res_init() repeatedly from the same
> thread results in a memory leak?

	Suggesting? I guess I was not clear, calling res_ninit() more
than once will result in a memory leak on Solaris (and on Linux,
though I have not tested this). 
	
	Neither Solaris (nor Linux) makes available a function to free
the memory allocated to a resolver state by res_ninit(). Other flavors
of Unix have a function called res_ndestroy() for just this sort of
thing. In fact Solaris has this function but it is marked as local in
the library so you cannot link against it. 

cfb at sandman:> nm /usr/lib/libresolv.so | grep res_ndestroy
[200] | 194936|  60|FUNC |LOCL |0  |9  |res_ndestroy

	The kerberos developers in fact seem to know/understand this
as they have a report of this problem on the krb5-bugs mailing list
(http://mailman.mit.edu/pipermail/krb5-bugs/2005-January/003549.html).

	Below is a simple example program that exploits this problem.

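#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

int
main(int argc, char **argv) {

    struct __res_state statbuf;
    int ret = 0;

    /* Loop forever: each pass re-initializes the same resolver state. */
    while (1) {
      /* res_ninit() allocates memory behind statbuf on every call. */
      ret = res_ninit(&statbuf);
      if (ret != 0) printf("Init error!\n");
      /* res_nclose() closes the sockets but does not free that memory. */
      res_nclose(&statbuf);
      printf("Done!\n");
    }
}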

Compile with something like (this would be for a 64-bit version):

cc -Iinclude -D_REENTRANT -KPIC -xarch=v9 -DUSE_64 -g -c -o resolvtest.o resolvtest.c

cc -o resolvtest -Iinclude -D_REENTRANT -KPIC -xarch=v9 -DUSE_64 -g -lresolv -lsocket -lnsl resolvtest.o

-- 
Chet Burgess

Manager, Enterprise Collaboration Services
Information Services Division
University of Southern California
cfb at usc.edu
213-740-5160
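
Added example, not part of the original post and not MIT krb5 code: one way a caller can avoid the repeated res_ninit() described above is to initialize one resolver state per thread and reuse it for every lookup. The names cached_res_state, cached_res_init_calls and simulate_lookups are hypothetical, and thread-local storage via `__thread` (GCC, Clang, Sun Studio) is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>

/* Hypothetical helper names; this is not the krb5 library's code. */
static __thread struct __res_state tls_state;   /* one state per thread */
static __thread int tls_ready;                  /* 1 after a successful res_ninit() */
static __thread unsigned long tls_init_calls;   /* times res_ninit() really ran */

/* Return this thread's resolver state, calling res_ninit() on first use only.
 * Trade-off: later edits to the resolver configuration are not picked up
 * until the thread (or process) restarts. */
struct __res_state *cached_res_state(void)
{
    if (!tls_ready) {
        memset(&tls_state, 0, sizeof(tls_state));
        tls_init_calls++;
        if (res_ninit(&tls_state) != 0)
            return NULL;            /* not marked ready, so a later call retries */
        tls_ready = 1;
    }
    return &tls_state;
}

unsigned long cached_res_init_calls(void)
{
    return tls_init_calls;
}

/* Stand-in for n lookups: each one asks for the state, as a per-lookup
 * init routine would. Returns how many lookups got a usable state. */
int simulate_lookups(int n)
{
    int ok = 0;
    for (int i = 0; i < n; i++)
        if (cached_res_state() != NULL)
            ok++;
    return ok;
}

int main(void)
{
    int ok = simulate_lookups(100000);
    printf("lookups with state: %d, res_ninit() calls: %lu\n",
           ok, cached_res_init_calls());
    return 0;
}
```

On Solaris, link with the same -lresolv -lsocket -lnsl libraries used for the test program above.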

