Memory Leak problems with krb5_get_init_creds_password?

brian.joh@comcast.net brian.joh at comcast.net
Thu Aug 18 22:36:11 EDT 2005


Ken Raeburn wrote:

> We've run into other cases where a krb5_context is needed but other
> APIs make it difficult for one to be made available.  So there's code
> out there that allocates many short-lived krb5_context structures,
> often without using them for actual network stuff.

OK, thinking back, I can see how it might be difficult to
keep a krb5_context around in certain situations.

However, although I said the change I proposed would move
the "memory leak to krb5_init_context", this wasn't totally
accurate.  Basically, the memory leak would still occur
from the same place in the code (in the DNS SRV lookup code
apparently), but it would occur AT MOST once per
krb5_context.  Res_ninit() still gets called in exactly the
same spot, it just uses a PER krb5_context res_state
structure.  Then, res_ninit() apparently will deallocate
the structure, before initializing it again.

If this change was made, short-lived krb5_context structures
that do DNS SRV lookups (I think this is where res_ninit is
called), would still leak, just not as much.  Short-lived
krb5_context structures that didn't need to do any DNS
stuff wouldn't leak.

Basically, the situation would improve for many important
cases, and there isn't a scenario that I can think of, where
the memory leak would get worse.

Brian



More information about the Kerberos mailing list