Memory Leak problems with krb5_get_init_creds_password?

brian.joh@comcast.net brian.joh at comcast.net
Thu Aug 18 13:56:20 EDT 2005


Memory leaks are concerning to my project.  It'd be more of
a concern if we hadn't decided to support Heimdal too.

How many known memory leaks still exist in MIT Kerberos?

Also, this is not meant to be offensive, but if there are
known memory leaks, why haven't they at least been minimized?
I mean there are often easy workarounds.  If Chet read the
source code properly, res_ninit() is being called before every
DNS lookup, but given the leaks, it probably should be called
from krb5_init_context().  (However, Chet's program doesn't
actually test that this isn't already being done, since the
krb5_init_context call is made inside of the while loop.)
The leak also could be minimized by checking timestamps and
only calling res_ninit only if the DNS config files changed.

Anyways, we are developing a software package built on top of
MIT Kerberos to perform Active Directory authentication from
UNIX throughout our entire company (over 100,000 employees).
But we can't do this until all leaks are at least minimized.
I'd do it myself, but my company tries to avoid certain
customizations.  Basically I can't modify/recompile the MIT
source which BTW has created alot more work for me.  I could
possibly submit a patch though.

Thanks.
Brian Joh



More information about the Kerberos mailing list