Description of problem: When using an in-house application, this customer noticed a possibly leakage on the usage of the pam libraries. At the very begining they suspected it would come from pam_krb5, but after further tests, the issue could be reproduced with a simple test case. Basically this test case (attached) performs N iterations on the authentication mechanism, if authenticate once, we don't see any leak otherwise memory gets lost as per Valgrind outputs. To reduce this issue to its minimum setup, we just reproduced it by just using : passwd: files group: files shadow: files * The case is : pam_start() for each iteration: pam_set_item PAM_USER pam_authenticate pam_acct_mgmt pam_end * It has been based from the example present in /usr/share/docs. The traces show: 8 bytes in 2 blocks are definitely lost in loss record 1 of 3 at 0x401A5D1: malloc (vg_replace_malloc.c:149) by 0x42C246A: ??? by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78) by 0x4027F80: _pam_dispatch (pam_dispatch.c:340) by 0x42719BD: ??? by 0x4270D1D: ??? by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78) by 0x4027F80: _pam_dispatch (pam_dispatch.c:340) by 0x4029A77: pam_authenticate (pam_auth.c:33) by 0x8048722: main (test.c:48) 32 bytes in 8 blocks are definitely lost in loss record 2 of 3 at 0x401B8A9: calloc (vg_replace_malloc.c:279) by 0x402A412: _copy_env (pam_env.c:327) by 0x4271789: ??? by 0x4270D1D: ??? by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78) by 0x4027F80: _pam_dispatch (pam_dispatch.c:340) by 0x4029A77: pam_authenticate (pam_auth.c:33) by 0x8048722: main (test.c:48) 48 bytes in 4 blocks are definitely lost in loss record 3 of 3 at 0x401A5D1: malloc (vg_replace_malloc.c:149) by 0x40294EF: _pam_strdup (pam_misc.c:98) by 0x4271568: ??? by 0x4270D1D: ??? by 0x4027E05: _pam_dispatch_aux (pam_dispatch.c:78) by 0x4027F80: _pam_dispatch (pam_dispatch.c:340) by 0x4029A77: pam_authenticate (pam_auth.c:33) by 0x8048722: main (test.c:48) LEAK SUMMARY: definitely lost: 88 bytes in 14 blocks. I spent quite a lot of time trying to figure out why I couldn't find the symbols from this trace, so finally I decided to usleep the test case and get its mappings. This led me to the following posts (in the bz) Version-Release number of selected component (if applicable): pam-0.75-69 How reproducible: Always, run the test case with iterations >1, at least 2 as a parameter. Steps to Reproduce: 1. Add a local user 2. Run the following. % valgrind --tool=memcheck --leak-check=yes --log-file=mem.log ./test_case jmp nothing login 2 Being jmp a local user, nothing a string that won't be used, (from the share/doc example it was the password) login the action, 2 the iterations. 3. mem.log.PID shows the leakage. Actual results: Memory leaks. Expected results: No memory leaks if the above case makes sense. Additional info: I will add the additional infos in other posts as this one is quite long already. Thanks for the assistance, Jose
Created attachment 134904 [details] test case used for this problem.
Created attachment 134907 [details] memory leak report.
Fixed in pam-0.75-70
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0465.html