painless-security / trust-router

Moonshot Trust Router

Possible memory leak in gss_inquire_context() and gss_accept_sec_context() #78

Open jennifer-richards opened 6 years ago

jennifer-richards commented 6 years ago

Running valgrind, seeing memory leaks in a few places where we call gss_inquire_context() and gss_accept_sec_context(). Need to determine whether this is our doing or in the library. After a cursory check, I think we are freeing the necessary return values according to the gssapi documentation.

Some of these appear to be caused by threads not cleaning up before exiting when the program was interrupted. Valgrind is likely to see these as memory loss even if there is no actual problem.

==9898== 25 (16 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 3,373 of 12,981
==9898==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x6017162: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x601DF74: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6024534: gss_inquire_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x1139EA: trp_connection_set_peer (trp_conn.c:78)
==9898==    by 0x114112: trp_connection_initiate (trp_conn.c:396)
==9898==    by 0x10FF04: tr_trpc_thread (tr_trp.c:667)
==9898==    by 0x625C7FB: start_thread (pthread_create.c:465)
==9898==    by 0x6588B5E: clone (clone.S:95)
==9898== 
==9898== 25 (16 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 3,375 of 12,981
==9898==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x6017162: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x601DF74: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6018DB8: gss_accept_sec_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12C8DF: gsscon_passive_authenticate (gsscon_passive.c:134)
==9898==    by 0x113EEB: trp_connection_auth (trp_conn.c:314)
==9898==    by 0x115C43: trps_authorize_connection (trps.c:434)
==9898==    by 0x10FC7A: tr_trps_thread (tr_trp.c:147)
==9898==    by 0x625C7FB: start_thread (pthread_create.c:465)
==9898==    by 0x6588B5E: clone (clone.S:95)
==9898== 
==9898== 25 (16 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 3,376 of 12,981
==9898==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x6017162: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x601DF74: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6024534: gss_inquire_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12CC04: gsscon_authorize (gsscon_passive.c:232)
==9898==    by 0x113F29: trp_connection_auth (trp_conn.c:323)
==9898==    by 0x115C43: trps_authorize_connection (trps.c:434)
==9898==    by 0x10FC7A: tr_trps_thread (tr_trp.c:147)
==9898==    by 0x625C7FB: start_thread (pthread_create.c:465)
==9898==    by 0x6588B5E: clone (clone.S:95)
==9898== 

jennifer-richards commented 6 years ago

Another:

==9898== 56 bytes in 1 blocks are definitely lost in loss record 5,632 of 12,981
==9898==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x8A64FAC: wpabuf_alloc (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A5E626: eap_msg_alloc (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A5C224: eap_sm_buildIdentity (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A5D909: eap_peer_sm_step (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A34977: ??? (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A40178: gssEapSmStep (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A355DA: gssEapInitSecContext (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A3597A: gss_init_sec_context (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x601EFF5: gss_init_sec_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12BC19: gsscon_connect (gsscon_active.c:217)
==9898==    by 0x1140EC: trp_connection_initiate (trp_conn.c:385)
==9898==    by 0x10FF04: tr_trpc_thread (tr_trp.c:667)
==9898==    by 0x625C7FB: start_thread (pthread_create.c:465)
==9898==    by 0x6588B5E: clone (clone.S:95)

jennifer-richards commented 6 years ago

Another couple in gss_acquire_cred()

==9898== 82 (32 direct, 50 indirect) bytes in 2 blocks are definitely lost in loss record 8,041 of 12,981
==9898==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x601720A: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6025B5D: gss_create_empty_oid_set (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x8A3D981: duplicateOidSet (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A39DFC: gssEapAcquireCred (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x6019A60: gss_add_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6019D69: gss_acquire_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6040A1C: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6040C79: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x60196F5: gss_add_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6019D69: gss_acquire_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6019F45: gss_acquire_cred (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12C7EE: gsscon_passive_authenticate (gsscon_passive.c:88)
==9898==    by 0x113EEB: trp_connection_auth (trp_conn.c:314)
==9898==    by 0x115C43: trps_authorize_connection (trps.c:434)
==9898==    by 0x10FC7A: tr_trps_thread (tr_trp.c:147)
==9898==    by 0x625C7FB: start_thread (pthread_create.c:465)
==9898==    by 0x6588B5E: clone (clone.S:95)
==9898== 

and

==9898== 82 (32 direct, 50 indirect) bytes in 2 blocks are definitely lost in loss record 8,043 of 12,981
==9898==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x601720A: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6025B5D: gss_create_empty_oid_set (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x8A3D981: duplicateOidSet (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x8A39DFC: gssEapAcquireCred (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x6019A60: gss_add_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6019D69: gss_acquire_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6040A1C: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6040C79: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x60196F5: gss_add_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6019D69: gss_acquire_cred_from (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6019F45: gss_acquire_cred (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12BAF7: gsscon_connect (gsscon_active.c:131)
==9898==    by 0x1140EC: trp_connection_initiate (trp_conn.c:385)
==9898==    by 0x10FF04: tr_trpc_thread (tr_trp.c:667)
==9898==    by 0x625C7FB: start_thread (pthread_create.c:465)
==9898==    by 0x6588B5E: clone (clone.S:95)
==9898== 

alejandro-perez commented 6 years ago

I guess this one is to be closed.
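
A triage helper for loss records like the ones in this thread, added here as an example (it is not part of the trust-router code base). It groups each "definitely lost" record by the library call the application made, the application call site, and the shared object that did the allocation, which is the information needed to decide whether to audit our release calls or the library. The names `triage` and `_file_record` are hypothetical, and the script assumes the libraries have no debug info, as in this report.

```python
import re
from collections import defaultdict

# Three loss records from the report above, with intermediate frames trimmed.
SAMPLE = """\
==9898== 25 (16 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 3,373 of 12,981
==9898==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x6017162: ??? (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x6024534: gss_inquire_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x1139EA: trp_connection_set_peer (trp_conn.c:78)
==9898==
==9898== 25 (16 direct, 9 indirect) bytes in 1 blocks are definitely lost in loss record 3,376 of 12,981
==9898==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x6024534: gss_inquire_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12CC04: gsscon_authorize (gsscon_passive.c:232)
==9898==
==9898== 56 bytes in 1 blocks are definitely lost in loss record 5,632 of 12,981
==9898==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==9898==    by 0x8A64FAC: wpabuf_alloc (in /usr/lib/x86_64-linux-gnu/gss/mech_eap.so)
==9898==    by 0x601EFF5: gss_init_sec_context (in /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2)
==9898==    by 0x12BC19: gsscon_connect (gsscon_active.c:217)
"""

HEAD = re.compile(r"^==\d+== ([\d,]+) (?:\(.*?\) )?bytes in [\d,]+ blocks are definitely lost")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)$")

def _file_record(totals, lost, frames):
    # Assumption: the libraries lack debug info (as in this report), so the
    # innermost frame that carries file:line is the application's call site.
    for i, (func, loc) in enumerate(frames):
        if i > 0 and not loc.startswith("in "):
            api = frames[i - 1][0]                    # library entry point we called
            owner = frames[1][1].rsplit("/", 1)[-1]   # object just above the allocator
            totals[(api, f"{func} ({loc})", owner)] += lost
            return

def triage(report):
    """Map (API call, application call site, allocating object) -> bytes lost."""
    totals, lost, frames = defaultdict(int), 0, []
    for line in report.splitlines():
        head, frame = HEAD.match(line), FRAME.match(line)
        if head:
            _file_record(totals, lost, frames)
            lost, frames = int(head.group(1).replace(",", "")), []
        elif frame:
            frames.append(frame.groups())
    _file_record(totals, lost, frames)
    return dict(totals)

if __name__ == "__main__":
    print(*sorted(triage(SAMPLE).items()), sep="\n")
```

Records whose allocating object is `mech_eap.so` rather than `libgssapi_krb5.so.2.2` point at the EAP mechanism plugin, so they can be tracked separately from the call sites in `trp_conn.c` and `gsscon_passive.c`.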