Bug 676955
| Summary: | snmptrapd leaks memory when NetSNMP::TrapReceiver is used for trap handlers | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Matt Grimm <mgrimm> | |
| Component: | net-snmp | Assignee: | Jan Safranek <jsafrane> | |
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 5.4 | CC: | dapospis, ksrot, rvokal | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 678314 (view as bug list) | Environment: | ||
| Last Closed: | 2011-07-21 09:11:36 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 678314, 1086761 | |||
There are two known leaks in TrapReceiver: http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=revision&revision=16983 http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=revision&revision=19335 (for the second, the handler must process trap version 1 to leak memory). Just for the reference, these leaks were fixed: ==7314== 6,007,054 (272,000 direct, 5,735,054 indirect) bytes in 1,000 blocks are definitely lost in loss record 2,175 of 2,175 ==7314== at 0x4A05E1C: malloc (vg_replace_malloc.c:195) ==7314== by 0x5642BA2: _clone_pdu_header (snmp_client.c:342) ==7314== by 0x5643088: _clone_pdu (snmp_client.c:524) ==7314== by 0x4E34154: convert_v1pdu_to_v2 (agent_trap.c:477) ==7314== by 0xE930EC4: perl_trapd_handler (TrapReceiver.xs:52) ==7314== by 0x4C15562: snmp_input (snmptrapd_handlers.c:1142) ==7314== by 0x5668B39: _sess_process_packet (snmp_api.c:5342) ==7314== by 0x5669B20: _sess_read (snmp_api.c:5761) ==7314== by 0x566A5A8: snmp_sess_read (snmp_api.c:5780) ==7314== by 0x566A5F2: snmp_read (snmp_api.c:5394) ==7314== by 0x10D47B: main (snmptrapd.c:1274) ==7358== 4,923,360 bytes in 4,734 blocks are possibly lost in loss record 2,165 of 2,165 ==7358== at 0x4A05140: calloc (vg_replace_malloc.c:418) ==7358== by 0xE933744: perl_trapd_handler (TrapReceiver.xs:111) ==7358== by 0x4C15562: snmp_input (snmptrapd_handlers.c:1142) ==7358== by 0x566BC79: _sess_process_packet (snmp_api.c:5342) ==7358== by 0x566CC60: _sess_read (snmp_api.c:5761) ==7358== by 0x566D6E8: snmp_sess_read (snmp_api.c:5780) ==7358== by 0x566D732: snmp_read (snmp_api.c:5394) ==7358== by 0x10D47B: main (snmptrapd.c:1274) An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1076.html An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1076.html |
Description of problem: The NetSNMP::TrapReceiver Perl module distributed in the net-snmp-perl package leaks memory when it is used to register an SNMP trap handler with the snmptrapd process. Version-Release number of selected component (if applicable): net-snmp-perl 5.3.2.2-9.el5_5.1 NetSNMP::TrapReceiver 5.03022 How reproducible: Every time. Steps to Reproduce: 1. Create a no-op Perl trap handler with this code: #!/usr/bin/perl use SNMP; sub my_receiver {} NetSNMP::TrapReceiver::register("all", \&my_receiver) or warn "Failed to register Perl trap handler\n"; print "Registered Perl trap handler\n"; 2. Configure snmptrapd using this line in /etc/snmp/snmptrapd.conf: perl do "/path/to/subagent"; 3. Run snmptrapd with valgrind's memcheck tool: valgrind -v --leak-check=yes /usr/sbin/snmptrapd -Lsd -p /var/run/snmptrapd.pid -f 4. When the "Registered Perl trap handler" message appears, send one or more traps to the server. 5. Quit valgrind and snmptrapd with ctrl-c. This will display the memcheck report. Actual results: snmptrapd leaks memory. This is amplified the more traps are sent to the receiver. Eventually, on a busy server, snmptrapd consumes all available memory on the system. Expected results: snmptrapd runs memcheck-clean (does not leak memory). Remove the "perl do" line from /etc/snmp/snmptrapd.conf and run the valgrind command in step 3 again and the result will be memcheck-clean.