[krbdev.mit.edu #2277] socket leak in sendto_kdc.c, start_connection()
Bill Dodd via RT
rt-comment at krbdev.mit.edu
Tue Feb 24 18:56:41 EST 2004
In start_connection(), if the connect() fails (e.g. with ECONNREFUSED),
an error is returned, but the socket is not closed.
To observe the leak, set udp_preference_limit to 1 in krb5.conf and
run kdc5_hammer with a large repeat count against a kdc that only
listens on UDP. Observe the open files/sockets with lsof. A contrived
scenario to be sure, but it can be seen in more legitimate cases as
well.
Observed on 1.3.2-beta5, but it exists in all 1.3.X releases.
Patch follows:
*** sendto_kdc.c.orig Fri Dec 5 19:30:42 2003
--- sendto_kdc.c Tue Feb 24 14:37:47 2004
***************
*** 563,566 ****
--- 563,568 ----
} else {
dprint("connect failed: %m\n", SOCKET_ERRNO);
+ dprint("closing fd %d\n", fd);
+ (void) closesocket(fd);
state->err = SOCKET_ERRNO;
state->state = FAILED;
More information about the krb5-bugs
mailing list