NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

lib/48718: Heimdal leaks file descriptors

>Number:         48718
>Category:       lib
>Synopsis:       Heimdal leaks file descriptors
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 06 07:55:00 +0000 2014
>Originator:     Juergen Hannken-Illjes
>Release:        NetBSD 6.1_STABLE
System: NetBSD 6.1_STABLE NetBSD 6.1_STABLE 
(gateway.i386) #0: Thu May 30 22:31:51 MEST 2013  
Architecture: i386
Machine: i386
Use openvpn with pam plugin and pam_krb5 to authorize.
Take Kerberos Realm and Kdc from DNS.
Observe the authorizing proc to keep one file + kevent for every
authorization until it runs out of descriptors.
File is /etc/resolv.conf.

Problem is operation "dns_lookup_int" from heimdal/dist/lib/roken/resolve.c
where every call runs "res_ninit" on fresh state.
See above.
Workaround is to specify Realm and Kdc and "dns_fallback=false" in
file /etc/krb5.conf.

Possible fix is either passing a static state to "res_ninit" or
releasing state with "res_ndestroy".

Home | Main Index | Thread Index | Old Index