Full_Name: Bill Clay
Version: 2.4.44
OS: Debian/GNU Linux 7.8 (Wheezy)
URL:
Submission from: (NULL) (79.12.44.250)
Valgrind runs of a testbed script driving an OpenLDAP API client module I am
developing appear to show a consistent, reproducible memory leak ("lost
memory")
when using the SASL default authentication mech (DIGEST-MD5 for my system) over
any underlying transport: ldapi://, ldap://, ldaps://. The first two transports
show identical symptoms with or without startTLS prior to authentication.
Additional test and symptom details:
* Using the same testbed and client module and either SASL mech EXTERNAL or LDAP
simple bind, valgrind indicates no lost memory.
* Symptoms are constant with or without proxy authz (i.e., a SASL interactive
callback SASL_CB_USER response).
* I have not configured or tested other SASL mechs in this environment.
* The FIRST SASL authentication of a process does NOT show a memory leak.
* Each SASL authentication of a process AFTER the first shows a one additional
realloc leak of the same size (500-600 bytes depending on bind details).
* The iterative test is: [ldap_initialize()], [ldap_start_tls_s()],
ldap_sasl_interactive_bind_s(), [ldap_search_ext_s()], [ldap_whoami_s()],
[ldap_unbind_ext_s()], where [] indicates calls whose omission yields no change
in symptoms (except initialize is always called for the first iteration of a
sequence and after an unbind; unbind is always called after the last
iteration).
Environment:
Debian 7 Wheezy
OpenLDAP v. 2.4.44 original (not Debian) source custom build:
./configure --sysconfdir=/etc --localstedirir=/ \
--disable-backends --enable-mdb --enable-monitor \
--enable-crypt --enable-cleartext \
--with-cyrus-sasl --enable-spasswd --enable-syslog --enable-local \
--disable-overlays --enable-memberof --enable-refint --enable-unique \
--disable-modules --with-tls --with-threads --with-gnu-ld
Sample valgrind output (the call stack is always the same, except for exact
addresses):
bill@fuji:/usr/local/src/liquid_feedback_frontend-v3.2.1/lib/mldap$
LD_PRELOAD=/usr/local/src/liquid_feedback_frontend-v3.2.1/lib/mldap/mldap.so
valgrind --leak-check=full /usr/local/src/altit-sso/lf-ldap/mldap_full_test.lua
==4149== Memcheck, a memory error detector
==4149== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==4149== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==4149== Command: /usr/local/src/altit-sso/lf-ldap/mldap_full_test.lua
==4149==
create cctx regkey 556aeaf3c864af2e_mldap_connection, cctx=0699c028, stack 0
1 1 SASL bind uid %2p%p/w
enter mldap_bind(), regkey=556aeaf3c864af2e_mldap_connection, cctx=0x699c028
mldap_bind call ldap_initialize("ldap://fuji.pvt.suresys.com")
mldap_bind after ldap_bind(0x699cac0), cctx=0x699c028
DIGEST-MD5,CRAM-MD5,NTLM
dn:uid=jdoe,ou=persone,dc=altraitalia,dc=test
< snip - 8 iterations removed >
10 1 SASL bind uid + p/w
enter mldap_bind(), regkey=556aeaf3c864af2e_mldap_connection, cctx=0x699c028
mldap_bind after ldap_bind(0x699cac0), cctx=0x699c028
DIGEST-MD5,CRAM-MD5,LMLM
dn:uid=jdoe,ou=persone,dc=altraitalia,dc=test
unbind cctx->ldp=0x699cac0
exit unbind
normal termination, 10 iterations
enter mldap_gc(); cctx->ldp=0
exit mldap_gc()
==4149==
==4149== HEAP SUMMARY:
==4149== in use at exit: 45,614 bytes in 334 blocks
==4149== total heap usage: 3,543 allocs, 3,209 frees, 169,733,045 bytes
allocated
==4149==
==4149== 4,896 bytes in 9 blocks are definitely lost in loss record 122 of 124
==4149== at 0x4C28CCE: realloc (vg_replace_malloc.c:632)
==4149== by 0x7712426: _plug_buf_alloc (in
/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25)
==4149== by 0x770C232: add_to_challenge (in
/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25)
==4149== by 0x770E689: make_client_response (in
/r%r/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25)
==4149== by 0x770EC97: digestmd5_client_mech_step (in
/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25)
==4149== by 0x5CD03AD: sasl_client_step (in
/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25)
==4149== by 0x5CD08DA: sasl_client_start (in
/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25)
==4149== by 0x405386E: ldap_int_sasl_bind (cyrus.c:510)
==4149== by 0x4056E5F: ldap_sasl_interactive_bind (sasl.c:487)
==4149== by 0x405702B: ldap_sasl_interactive_bind_s (sasl.c:521)
==4149== by 0x4027663: mldap_bind (mldap.c:647)
==4149== by 0x408C31: luaD_precall (in /usr/bin/lua5.2)
==4149==
==4149== LEAK SUMMARY:
==4149== definitely lost: 4,896 bytes in 9 blocks
==4149== indirectly lost: 0 bytes in 0 blocks
==4149== possibly lost: 0 bytes in 0 blocks
==4149== still reachable: 40,718 bytes in 325 blocks
==4149== suppressed: 0 bytes in 0 blocks
==4149== Reachable blocks (those to which a pointer was found) are not shown.D%D
==4149== To see them, rerun with: --leak-check=full --show-reachable=yes
==4149==
==4149== For counts of detected and suppressed errors, rerun with: -v
==4149== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 31 from 7)
bill@fuji:/usr/local/src/liquid_feedback_frontend-v3.2.1/lib/mldap$