Memory leaks in Kerberos 5 1.6.4-beta1 and 1.7

Dan Searle dan.searle at
Fri Nov 6 13:02:16 EST 2009


I tried the patch (applied to the 1.7 public release as I don't have 
access to the 1.7.1 branch), however now I get a different leak:

==16212== 50 bytes in 2 blocks are definitely lost in loss record 66 of 81
==16212==    at 0x4022AB8: malloc (vg_replace_malloc.c:207)
==16212==    by 0x4195FCF: strdup (in /lib/tls/i686/cmov/
==16212==    by 0x41DF9D9: (within /lib/tls/i686/cmov/
==16212==    by 0x41E1AD8: getaddrinfo (in /lib/tls/i686/cmov/
==16212==    by 0x4279F38: krb5int_getaddrinfo (fake-addrinfo.c:315)
==16212==    by 0x40BE474: krb5_sname_to_principal (sn2princ.c:112)
==16212==    by 0x4042318: krb5_gss_import_name (import_name.c:99)
==16212==    by 0x403703B: gssint_import_internal_name (g_glue.c:306)
==16212==    by 0x403502F: gss_add_cred (g_acquire_cred.c:383)
==16212==    by 0x403535B: gss_acquire_cred (g_acquire_cred.c:198)
==16212==    by 0x8049C31: main (squid_kerb_auth.c:489)

Regards, Dan...

Ken Raeburn wrote:
> On Nov 6, 2009, at 11:22, Dan Searle wrote:
>> I came across two memory leaks in the Kerberos 5 libs after using the
>> squid_kerb_auth helper in squid which performs single sign with
>> KRB5RCACHETYPE=none. I.e. with the replay protection cache switched  
>> off.
> These should be fixed in 1.7.1.  You can see the ticket (with a link  
> to a patch you can try out) at 
>   .  (Both problems listed in your email seem to be regarding the same  
> allocation site where we weren't freeing the storage, just with  
> different callers further up the stack.)  If that doesn't fix the  
> problem for you, please let us know.
> Ken
> ------------------------------------------------------------------------
> No virus found in this incoming message.
> Checked by AVG - 
> Version: 9.0.698 / Virus Database: 270.14.52/2484 - Release Date: 11/06/09 07:38:00

Dan Searle

CensorNet Ltd - professional & affordable Web & E-mail filtering
email: dan.searle at web:
tel: 0845 230 9590 / fax: 0845 230 9591 / support: 0845 230 9592
snail: Vallon House, Vantage Court Office Park, Winterbourne,
       Bristol, BS16 1GW, UK.

CensorNet Ltd is a registered company in England & Wales No. 05518629
VAT registration number 901-2048-78
Any views expressed in this email communication are those of the
individual sender, except where the sender specifically states them to
be the views of a member of Censornet Ltd.  Censornet Ltd. does not
represent, warrant or guarantee that the integrity of this
communication has been maintained nor that the communication is free
of errors or interference. 

Scanned for viruses, spam and offensive content by CensorNet MailSafe

Try CensorNet free for 14 days. Provide Internet access on your terms.
Visit for more information.

More information about the krbdev mailing list