Fwd: possible memory leak in 1.3.2

Will Fiveash william.fiveash at sun.com
Fri Mar 12 12:03:17 EST 2004


(Actually I've sent this several times, using mutt and signed via gpg
but it never showed up on the krbdev list.  Trying again, unsigned.)

I sent this yesterday but I never saw it on the krbdev list.  BTW, I've
confirmed that there is a memory leak.  I've attached a patch.

----- Forwarded message from Will Fiveash <william.fiveash at sun.com> -----

Date: Mon, 8 Mar 2004 18:33:26 -0600
From: Will Fiveash <william.fiveash at sun.com>
Subject: possible memory leak in 1.3.2
To: MIT Kerberos Dev List <krbdev at MIT.EDU>
Mail-Followup-To: MIT Kerberos Dev List <krbdev at MIT.EDU>

I'm testing the kdc with "kdc_ports = 0" in the kdc.conf which forces the kdc
to use TCP.  What I notice is the virtual memory size of the kdc continues to
grow as I run 40 instances of kinit over and over.  I suspect a memory leak
but I'm not sure at this point so I thought I'd see if someone on the list can
confirm my suspicion regarding certain functions.  In src/kdc/network.c I see:

add_fd (struct socksetup *data, int sock, int conntype,
        void (*service)(struct connection *, const char *, int))
{
    struct connection *newconn;
    void *tmp;

    newconn = malloc(sizeof(*newconn));
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    if (newconn == 0) {
        data->retval = errno;
        com_err(data->prog, errno,
                "cannot allocate storage for connection info");
        return 0;
    }
    if (!ADD(connections, newconn, tmp)) {
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        data->retval = errno;
        com_err(data->prog, data->retval, "cannot save socket info");
        free(newconn);
        return 0;
    }

and later there is:

static void
kill_tcp_connection(struct connection *conn)
{
    delete_fd(conn);
    ^^^^^^^^^^^^^^^ does not free(conn)
    if (conn->u.tcp.response)
        krb5_free_data(kdc_context, conn->u.tcp.response);
    if (conn->u.tcp.buffer)
        free(conn->u.tcp.buffer);
    FD_CLR(conn->fd, &sstate.rfds);
    FD_CLR(conn->fd, &sstate.wfds);
    if (sstate.max == conn->fd + 1)
        while (sstate.max > 0
               && ! FD_ISSET(sstate.max-1, &sstate.rfds)
               && ! FD_ISSET(sstate.max-1, &sstate.wfds)
               /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */
            )
            sstate.max--;
    close(conn->fd);
    conn->fd = -1;
    tcp_data_counter--;
}

So how is the newconn malloc'ed in add_fd() free()'ed?

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
GPG PubKey ID:0x7D31DC39, Key server: www.keyserver.net



----- End forwarded message -----

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
GPG PubKey ID:0x7D31DC39, Key server: www.keyserver.net
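The leak described in the message, as an added example that is not the krb5 source or the author's patch: a small model of the kdc connection table in which delete_fd() only unlinks the struct, so that repeatedly opening and closing connections leaves every struct allocated by add_fd() live unless kill_tcp_connection() frees it after unlinking. The table, the fd values and the live_structs counter are constructed for the demonstration.

```c
/* Added example, not the krb5 source: a minimal model of the kdc's connection
 * table showing why delete_fd() alone leaks the struct add_fd() malloc'ed. */
#include <stdlib.h>
struct connection { int fd; };

#define MAX_CONNS 64
static struct connection *conns[MAX_CONNS]; /* stands in for the ADD/DEL macros */
static int n_conns, live_structs; /* table size; malloc'ed structs not yet freed */

static struct connection *add_fd(int sock)
{
    if (n_conns == MAX_CONNS) return NULL;
    struct connection *newconn = malloc(sizeof(*newconn));
    if (newconn == NULL) return NULL;
    newconn->fd = sock;
    conns[n_conns++] = newconn;
    live_structs++;
    return newconn;
}

/* Unlinks conn from the table; like the original, it does not free it. */
static void delete_fd(struct connection *conn)
{
    for (int i = 0; i < n_conns; i++)
        if (conns[i] == conn) { conns[i] = conns[--n_conns]; return; }
}

/* With fixed == 0 this mirrors the quoted kill_tcp_connection(): the struct
 * is unlinked and its fd closed but never freed. With fixed != 0 it frees it. */
static void kill_tcp_connection(struct connection *conn, int fixed)
{
    delete_fd(conn);
    conn->fd = -1; /* close(conn->fd) in the real code */
    if (fixed) {
        free(conn);
        live_structs--;
    }
}

/* Opens and closes `rounds` connections; returns how many structs remain. */
static int leaked_after(int rounds, int fixed)
{
    live_structs = 0; n_conns = 0;
    for (int i = 0; i < rounds; i++) {
        struct connection *c = add_fd(100 + i);
        if (c == NULL) return -1;
        kill_tcp_connection(c, fixed);
    }
    return live_structs;
}
```

Running 40 rounds with fixed == 0 leaves 40 structs allocated, one per connection, which is the steady growth the message reports; with fixed == 0 replaced by a free() after delete_fd() the count returns to zero.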

