lib/48719: Heimdal leaks file descriptors

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/48719: Heimdal leaks file descriptors
From: hannken%eis.cs.tu-bs.de@localhost (Juergen Hannken-Illjes)
Date: Sun, 6 Apr 2014 08:05:00 +0000 (UTC)

>Number:         48719
>Category:       lib
>Synopsis:       Heimdal leaks file descriptors
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 06 08:05:00 +0000 2014
>Originator:     Juergen Hannken-Illjes
>Release:        NetBSD 6.1_STABLE
>Organization:
>Environment:
System: NetBSD vpnserv.isf.cs.tu-bs.de 6.1_STABLE NetBSD 6.1_STABLE 
(gateway.i386) #0: Thu May 30 22:31:51 MEST 2013  
build%builder.dd@localhost:/build/nbsd6/obj/obj.i386/sys/arch/i386/compile/gateway.i386
 i386
Architecture: i386
Machine: i386
>Description:
Use openvpn with pam plugin and pam_krb5 to authorize.
Take Kerberos Realm and Kdc from DNS.
Observe the authorizing proc to keep one file + kevent for every
authorization until it runs out of descriptors.
File is /etc/resolv.conf.

Problem is operation "dns_lookup_int" from heimdal/dist/lib/roken/resolve.c
where every call runs "res_ninit" on fresh state.
>How-To-Repeat:
See above.
>Fix:
Workaround is to specify Realm and Kdc and "dns_fallback=false" in
file /etc/krb5.conf.

Possible fix is either passing a static state to "res_ninit" or
releasing state with "res_ndestroy".

Prev by Date: lib/48718: Heimdal leaks file descriptors
Next by Date: Re: lib/48718 (Heimdal leaks file descriptors)
Previous by Thread: lib/48718: Heimdal leaks file descriptors
Next by Thread: Re: lib/48718 (Heimdal leaks file descriptors)
Indexes:

Home | Main Index | Thread Index | Old Index