Bug 663597
Summary: | massive memory leak in 1.2.7.4 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Adrian Bridgett <adrian> | ||||
Component: | Directory Server | Assignee: | Nathan Kinder <nkinder> | ||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 1.2.7 | CC: | benl, jgalipea, nhosoi, nkinder, rmeggins | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-01-03 19:54:22 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 576869, 636700, 639035, 680117 | ||||||
Attachments: |
|
Description
Adrian Bridgett
2010-12-16 10:52:39 UTC
What platform are you on? How do you have memberOf configured? What operations are being performed when you notice the process growth? rhel 5.5, x86_64 operations wise it's a little hard to say, nothing unusual, however we certainly have some badly behaved applications which will set attributes to a value that they are already set to (i.e. a fairly pointless operation). Looking at our install notes we enable four plugins: attribute uniqueness (enable, arguments are defaults) arguments 1: uid arguments 2: dc=ds,dc=example,dc=com referential integrity postoperation (enable, add argument #8) arguments 1: 0 arguments 2: /var/log/dirsrv/slapd-ds2/referint arguments 3: 0 arguments 4: member arguments 5: uniquemember arguments 6: owner arguments 7: seeAlso arguments 8: manager Space Insensitive String Syntax (enable) MemberOf Plugin (enable + change below) Advanced -> memberofgroupattr: uniqueMember (default is member) Created attachment 469157 [details]
Patch
blimey that's impressively quick! FYI we'll be moving to redhat directory server (it's only fair that you get some support money for this after all). Many thanks :-) Pushed to master. Thanks to Rich for his review! Counting objects: 13, done. Delta compression using up to 2 threads. Compressing objects: 100% (7/7), done. Writing objects: 100% (7/7), 913 bytes, done. Total 7 (delta 5), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git f977972..4da627a master -> master commit cea436bedbf40c2c29dfb325e2d6266c371cf2a9 Author: Nathan Kinder <nkinder> Date: Thu Dec 16 08:02:46 2010 -0800 branch 389-ds-base-1.2.7 This will be fixed in 389-ds-base-1.2.7.5, which should hit the updates-testing repos in the next few days. Preparation: 1) Downloaded the SRC RPM file and installed it on the local host. http://download.devel.redhat.com/brewroot/packages/redhat-ds-base/8.2.3/2.el4dsrv/src/redhat-ds-base-8.2.3-2.el4dsrv.src.rpm 2) Checked out the source tree ds.git origin/Directory_Server_8_2_Branch Commit comment: commit 3e170da37a4f8a15b1342430cc2a912bb8b99872 Author: Nathan Kinder <nkinder> Date: Thu Dec 16 08:02:46 2010 -0800 Bug 663597 - Memory leaks in normalization code The DN normalization code uses a Slapi_Attr on the stack to avoid allocation of the struct. The contents of the Slapi_Attr are never freed. This patch ensure that the struct is cleared out properly. There was also a leak in the syntax normalization code where a pointer to recently allocated string could get overwritten without freeing the string first. This patch frees the string first. Committed patch: diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c index ba30871..6d3fe8c 100644 --- a/ldap/servers/slapd/attrsyntax.c +++ b/ldap/servers/slapd/attrsyntax.c @@ -469,14 +469,14 @@ char * slapi_attr_syntax_normalize( const char *s ) { struct asyntaxinfo *asi = NULL; - char *r; - + char *r = NULL; - if((asi=attr_syntax_get_by_name(s)) != NULL ) { + if((asi=attr_syntax_get_by_name(s)) != NULL ) { r = slapi_ch_strdup(asi->asi_name); attr_syntax_return( asi ); } if ( NULL == asi ) { + slapi_ch_free_string( &r ); r = attr_syntax_normalize_no_lookup( s ); } return r; diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c index 227a41e..8e0d0fa 100644 --- a/ldap/servers/slapd/dn.c +++ b/ldap/servers/slapd/dn.c @@ -572,6 +572,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len) slapi_attr_init(&test_attr, typestart); is_dn_syntax = slapi_attr_is_dn_syntax_attr(&test_attr); + attr_done(&test_attr); /* Reset the character we modified. */ *d = savechar; @@ -592,6 +593,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len) slapi_attr_init(&test_attr, typestart); is_dn_syntax = slapi_attr_is_dn_syntax_attr(&test_attr); + attr_done(&test_attr); /* Reset the character we modified. */ *d = savechar; @@ -612,6 +614,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len) slapi_attr_init(&test_attr, typestart); is_dn_syntax = slapi_attr_is_dn_syntax_attr(&test_attr); + attr_done(&test_attr); /* Reset the character we modified. */ *d = savechar; Compare attrsyntax.c from SRC RPM with the one from git.ds -- MATCHED: # diff rpmbuild/SOURCES/redhat-ds-base-8.2.3/ldap/servers/slapd/attrsyntax.c /export/src/ds82/ldapserver/ldap/servers/slapd/attrsyntax.c # Compare dn.c from SRC RPM with the one from git.ds -- MATCHED: # diff rpmbuild/SOURCES/redhat-ds-base-8.2.3/ldap/servers/slapd/dn.c /export/src/ds82/ldapserver/ldap/servers/slapd/dn.c # An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0003.html |