Bug 204055

Summary: Possibly memory leak in pam modules.
Product: Red Hat Enterprise Linux 3 Reporter: Jose Plans <jplans>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.8CC: k.georgiou, srevivo, tao
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: NdRvw
Fixed In Version: RHSA-2007-0465 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-11 17:51:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
test case used for this problem.
none
memory leak report. none

Description Jose Plans 2006-08-25 10:36:48 UTC 
Description of problem:

  When using an in-house application, this customer noticed a possibly leakage
on the usage of the pam libraries. 
  At the very begining they suspected it would come from pam_krb5, but after
further tests, the issue could be reproduced with a simple test case.

  Basically this test case (attached) performs N iterations on the
authentication mechanism, if authenticate once, we don't see any leak otherwise
memory gets lost as per Valgrind outputs.
  
  To reduce this issue to its minimum setup, we just reproduced it by just using :
      passwd: files
      group: files
      shadow: files
      
* The case is :
     pam_start()
     for each iteration:
       pam_set_item PAM_USER
       pam_authenticate
       pam_acct_mgmt
     pam_end
* It has been based from the example present in /usr/share/docs.       
  
  The traces show:

8 bytes in 2 blocks are definitely lost in loss record 1 of 3
    at 0x401A5D1: malloc (vg_replace_malloc.c:149)
    by 0x42C246A: ???
    by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78)
    by 0x4027F80: _pam_dispatch (pam_dispatch.c:340)
    by 0x42719BD: ???
    by 0x4270D1D: ???
    by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78)
    by 0x4027F80: _pam_dispatch (pam_dispatch.c:340)
    by 0x4029A77: pam_authenticate (pam_auth.c:33)
    by 0x8048722: main (test.c:48)
    

32 bytes in 8 blocks are definitely lost in loss record 2 of 3
    at 0x401B8A9: calloc (vg_replace_malloc.c:279)
    by 0x402A412: _copy_env (pam_env.c:327)
    by 0x4271789: ???
    by 0x4270D1D: ???
    by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78)
    by 0x4027F80: _pam_dispatch (pam_dispatch.c:340)
    by 0x4029A77: pam_authenticate (pam_auth.c:33)
    by 0x8048722: main (test.c:48)
    
48 bytes in 4 blocks are definitely lost in loss record 3 of 3
    at 0x401A5D1: malloc (vg_replace_malloc.c:149)
    by 0x40294EF: _pam_strdup (pam_misc.c:98)
    by 0x4271568: ???
    by 0x4270D1D: ???
    by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78)
    by 0x4027F80: _pam_dispatch (pam_dispatch.c:340)
    by 0x4029A77: pam_authenticate (pam_auth.c:33)
    by 0x8048722: main (test.c:48)
    
 LEAK SUMMARY:
    definitely lost: 88 bytes in 14 blocks.
    
  I spent quite a lot of time trying to figure out why I couldn't find the
symbols from this trace, so finally I decided to usleep the test case and get
its mappings. This led me to the following posts (in the bz)
 
Version-Release number of selected component (if applicable):

       pam-0.75-69

How reproducible:

   Always, run the test case with iterations >1, at least 2 as a parameter.

Steps to Reproduce:
1. Add a local user
2. Run the following.
   % valgrind --tool=memcheck --leak-check=yes --log-file=mem.log ./test_case
jmp nothing login 2
   Being 
       jmp a local user,
       nothing a string that won't be used, (from the share/doc example it was
the password)
       login the action,
       2 the iterations.
3. mem.log.PID shows the leakage.
  
Actual results:

Memory leaks.

Expected results:

No memory leaks if the above case makes sense.

Additional info:

I will add the additional infos in other posts as this one is quite long already.
Thanks for the assistance,

   Jose
Comment 1 Jose Plans 2006-08-25 10:36:52 UTC 
Created attachment 134904 [details]
test case used for this problem.
Comment 4 Jose Plans 2006-08-25 10:44:37 UTC 
Created attachment 134907 [details]
memory leak report.
Comment 21 Tomas Mraz 2007-03-22 16:22:05 UTC 
Fixed in pam-0.75-70
Comment 25 Red Hat Bugzilla 2007-06-11 17:51:24 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0465.html