Bug 807363

Summary: openldap libraries leak memory when following referrals
Product: Red Hat Enterprise Linux 6 Reporter: Jakub Hrozek <jhrozek>
Component: openldapAssignee: Jan Vcelak <jvcelak>
Status: CLOSED ERRATA QA Contact: David Spurek <dspurek>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: ddumas, dpal, ebenes, jsynacek, omoris, tsmetana
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openldap-2.4.23-22.el6 Doc Type: Bug Fix
Doc Text:
- remote LDAP server responds with referral to a client query, referral chasing is enabled in the library - library leaks memory - upstream patch applied - the library no longer causes memory leak when chasing a referral
 Story Points: ---
Clone Of:
: 859016 (view as bug list) Environment:
Last Closed: 2012-06-20 07:32:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 859016    

Description Jakub Hrozek 2012-03-27 15:30:33 UTC 
Description of problem:
When the openldap library chases referrals, it leaks memory. This is a problem especially for long-running deamons such as the SSSD and even more so when running in an environment that makes heavy use of referrals, for example Microsoft Active Directory. In those environments, the memory leak reach to the point where SSSD has to be restarted once upon a time to reclaim lost memory.

Version-Release number of selected component (if applicable):
openldap-2.4.23-20.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. configure a server that uses referrals
2. look up an entry that triggers referral chasing
  
Actual results:
a memory leak

Expected results:
no memory leak

Additional info:
We are using the ldap_set_rebind_proc() function in SSSD.

This is how valgrind reports the memory leak:

==5618== 58 (32 direct, 26 indirect) bytes in 1 blocks are definitely lost in loss record 94 of 391
==5618==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
==5618==    by 0x3A3F408113: ber_memcalloc_x (memory.c:283)
==5618==    by 0x3A41C14393: ldap_control_create (controls.c:490)
==5618==    by 0xC7045DA: sss_ldap_control_create (sss_ldap.c:68)
==5618==    by 0xC7BF09F: sdap_rebind_proc (sdap_async_connection.c:1727)
==5618==    by 0x3A41C225ED: ldap_new_connection (request.c:564)
==5618==    by 0x3A41C233F1: ldap_send_server_request (request.c:249)
==5618==    by 0x3A41C242D2: ldap_chase_v3referrals (request.c:1255)
==5618==    by 0x3A41C11803: wait4msg (result.c:728)
==5618==    by 0xC785705: sdap_process_result (sdap_async.c:179)
==5618==    by 0xC785329: sdap_ldap_result (sdap_async.c:152)
==5618==    by 0x3A32406A67: std_event_loop_once (tevent_standard.c:326)

Also see the upstream sssd bug #1251 - https://fedorahosted.org/sssd/ticket/1251
Comment 1 Jakub Hrozek 2012-03-27 15:31:40 UTC 
I was also able to reproduce on F-16 with openldap-2.4.26-6. Would you like me to test on some newer release, too?
Comment 3 Jan Vcelak 2012-03-27 16:54:08 UTC 
(In reply to comment #1)
> I was also able to reproduce on F-16 with openldap-2.4.26-6. Would you like me
> to test on some newer release, too?

Not necessary. It seems that this part of the code was not changed.
Comment 4 Jan Vcelak 2012-03-27 17:03:13 UTC 
Jakub originally sent me this backtrace, it looks like another leak:

==13700== 987,424 (4,720 direct, 982,704 indirect) bytes in 59 blocks are definitely lost in loss record 564 of 564
==13700==    at 0x40053B3: calloc (vg_replace_malloc.c:467)
==13700==    by 0xCBBD00: ber_memcalloc_x (in /lib/liblber-2.4.so.2.5.6)
==13700==    by 0x12249F: ldap_send_server_request (in /lib/libldap-2.4.so.2.5.6)
==13700==    by 0x123323: ldap_chase_v3referrals (in /lib/libldap-2.4.so.2.5.6)
==13700==    by 0x10D4EB: ldap_result (in /lib/libldap-2.4.so.2.5.6)
==13700==    by 0x485E262: ??? (in /usr/lib/sssd/libsss_ldap.so.1.0.0)
==13700==    by 0xB74262: ??? (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0xB70F17: _tevent_loop_once (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0xB70FAE: ??? (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0xB70C88: _tevent_loop_wait (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0x8080D1C: server_loop (in /usr/libexec/sssd/sssd_be)
==13700==    by 0x8055BB8: main (in /usr/libexec/sssd/sssd_be)

I'm not sure if this is caused by a bug in OpenLDAP or by not freeing some result in SSSD. I will investigate.
Comment 5 Jakub Hrozek 2012-04-05 15:33:24 UTC 
(In reply to comment #4)
> Jakub originally sent me this backtrace, it looks like another leak:
> 
> ==13700== 987,424 (4,720 direct, 982,704 indirect) bytes in 59 blocks are
> definitely lost in loss record 564 of 564
> ==13700==    at 0x40053B3: calloc (vg_replace_malloc.c:467)
> ==13700==    by 0xCBBD00: ber_memcalloc_x (in /lib/liblber-2.4.so.2.5.6)
> ==13700==    by 0x12249F: ldap_send_server_request (in
> /lib/libldap-2.4.so.2.5.6)
> ==13700==    by 0x123323: ldap_chase_v3referrals (in /lib/libldap-2.4.so.2.5.6)
> ==13700==    by 0x10D4EB: ldap_result (in /lib/libldap-2.4.so.2.5.6)
> ==13700==    by 0x485E262: ??? (in /usr/lib/sssd/libsss_ldap.so.1.0.0)
> ==13700==    by 0xB74262: ??? (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0xB70F17: _tevent_loop_once (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0xB70FAE: ??? (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0xB70C88: _tevent_loop_wait (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0x8080D1C: server_loop (in /usr/libexec/sssd/sssd_be)
> ==13700==    by 0x8055BB8: main (in /usr/libexec/sssd/sssd_be)
> 

Yes this original leak came from the customer who was using Active Directory. The leak I included in the opening comment was what I reproduces with 389DS.
Comment 7 Stephen Gallagher 2012-04-09 11:33:16 UTC 
*** Bug 808064 has been marked as a duplicate of this bug. ***
Comment 10 Jan Vcelak 2012-04-10 10:51:49 UTC 
Upstream report:
http://www.openldap.org/its/index.cgi?findid=6744

Upstream fix (applies cleanly):
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=518dd3a
Comment 16 Jakub Hrozek 2012-04-10 13:48:02 UTC 
You are right, I've got a patch for this leak.

The test packages you gave me fix the memory leak while following referrals. Can we get it into 6.3?
Comment 18 Jan Vcelak 2012-04-10 19:31:52 UTC 
Fixed in openldap-2.4.23-22.el6
Comment 19 Jan Vcelak 2012-04-10 19:37:12 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- remote LDAP server responds with referral to a client query, referral chasing is enabled in the library
- library leaks memory
- upstream patch applied
- the library no longer causes memory leak when chasing a referral
Comment 22 errata-xmlrpc 2012-06-20 07:32:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0899.html