Patch 4/9: KDC should release resources when it is about to bail out on error
Alexandr Nedvedicky
alexandr.nedvedicky at oracle.com
Mon Feb 19 19:47:08 EST 2018
Hello,
I'm upgrading kerberos bundled with Solaris to krb5-1.16. Solaris currently
ships krb5-1.15.1. I've noticed there are some memory leaks, while running test
suite, which comes with krb-1.16 (e.g. running 'make check'). I don't think
those memory leaks are critical, though as kerberos newbie I can't be sure, so
I think I'm better to share my findings. All memory leaks were found using
'libumem', which can be found on Solaris (or its OSS sibbling illumos).
All patches are against krb5-1.16 release.
This patch just fixes potential memory leak I could spot while I was hunting
the other leak in pkinit module. This patch just adds proper clean up to error
handling code. The change as such is irrelevant, it just makes code correct.
regards
sasha
--------8<---------------8<---------------8<------------------8<--------
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 2f5daed8b..c5c855d30 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -1004,6 +1004,8 @@ int main(int argc, char **argv)
retval = load_kdcpolicy_plugins(kcontext);
if (retval) {
kdc_err(kcontext, retval, _("while loading KDC policy plugin"));
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
@@ -1011,6 +1013,9 @@ int main(int argc, char **argv)
retval = setup_sam();
if (retval) {
kdc_err(kcontext, retval, _("while initializing SAM"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
@@ -1038,6 +1043,9 @@ int main(int argc, char **argv)
retval = loop_setup_signals(ctx, &shandle, reset_for_hangup);
if (retval) {
kdc_err(kcontext, retval, _("while initializing signal handlers"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
@@ -1046,11 +1054,17 @@ int main(int argc, char **argv)
tcp_listen_backlog))) {
net_init_error:
kdc_err(kcontext, retval, _("while initializing network"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
if (!nofork && daemon(0, 0)) {
kdc_err(kcontext, errno, _("while detaching from tty"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
@@ -1058,6 +1072,9 @@ int main(int argc, char **argv)
retval = write_pid_file(pid_file);
if (retval) {
kdc_err(kcontext, retval, _("while creating PID file"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
@@ -1067,6 +1084,9 @@ int main(int argc, char **argv)
retval = create_workers(ctx, workers);
if (retval) {
kdc_err(kcontext, errno, _("creating worker processes"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
return 1;
}
/* We get here only in a worker child process; re-initialize realms. */
@@ -1077,6 +1097,9 @@ int main(int argc, char **argv)
retval = load_audit_modules(kcontext);
if (retval) {
kdc_err(kcontext, retval, _("while loading audit plugin module(s)"));
+ unload_kdcpolicy_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
finish_realms();
return 1;
}
More information about the krbdev
mailing list