Bug 807363 - openldap libraries leak memory when following referrals
openldap libraries leak memory when following referrals
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openldap (Show other bugs)
6.2
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Jan Vcelak
David Spurek
:
: 808064 (view as bug list)
Depends On:
Blocks: 859016
  Show dependency treegraph
 
Reported: 2012-03-27 11:30 EDT by Jakub Hrozek
Modified: 2015-03-02 00:26 EST (History)
6 users (show)

See Also:
Fixed In Version: openldap-2.4.23-22.el6
Doc Type: Bug Fix
Doc Text:
- remote LDAP server responds with referral to a client query, referral chasing is enabled in the library - library leaks memory - upstream patch applied - the library no longer causes memory leak when chasing a referral
Story Points: ---
Clone Of:
: 859016 (view as bug list)
Environment:
Last Closed: 2012-06-20 03:32:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jakub Hrozek 2012-03-27 11:30:33 EDT
Description of problem:
When the openldap library chases referrals, it leaks memory. This is a problem especially for long-running deamons such as the SSSD and even more so when running in an environment that makes heavy use of referrals, for example Microsoft Active Directory. In those environments, the memory leak reach to the point where SSSD has to be restarted once upon a time to reclaim lost memory.

Version-Release number of selected component (if applicable):
openldap-2.4.23-20.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. configure a server that uses referrals
2. look up an entry that triggers referral chasing
  
Actual results:
a memory leak

Expected results:
no memory leak

Additional info:
We are using the ldap_set_rebind_proc() function in SSSD.

This is how valgrind reports the memory leak:

==5618== 58 (32 direct, 26 indirect) bytes in 1 blocks are definitely lost in loss record 94 of 391
==5618==    at 0x4A05BB4: calloc (vg_replace_malloc.c:467)
==5618==    by 0x3A3F408113: ber_memcalloc_x (memory.c:283)
==5618==    by 0x3A41C14393: ldap_control_create (controls.c:490)
==5618==    by 0xC7045DA: sss_ldap_control_create (sss_ldap.c:68)
==5618==    by 0xC7BF09F: sdap_rebind_proc (sdap_async_connection.c:1727)
==5618==    by 0x3A41C225ED: ldap_new_connection (request.c:564)
==5618==    by 0x3A41C233F1: ldap_send_server_request (request.c:249)
==5618==    by 0x3A41C242D2: ldap_chase_v3referrals (request.c:1255)
==5618==    by 0x3A41C11803: wait4msg (result.c:728)
==5618==    by 0xC785705: sdap_process_result (sdap_async.c:179)
==5618==    by 0xC785329: sdap_ldap_result (sdap_async.c:152)
==5618==    by 0x3A32406A67: std_event_loop_once (tevent_standard.c:326)

Also see the upstream sssd bug #1251 - https://fedorahosted.org/sssd/ticket/1251
Comment 1 Jakub Hrozek 2012-03-27 11:31:40 EDT
I was also able to reproduce on F-16 with openldap-2.4.26-6. Would you like me to test on some newer release, too?
Comment 3 Jan Vcelak 2012-03-27 12:54:08 EDT
(In reply to comment #1)
> I was also able to reproduce on F-16 with openldap-2.4.26-6. Would you like me
> to test on some newer release, too?

Not necessary. It seems that this part of the code was not changed.
Comment 4 Jan Vcelak 2012-03-27 13:03:13 EDT
Jakub originally sent me this backtrace, it looks like another leak:

==13700== 987,424 (4,720 direct, 982,704 indirect) bytes in 59 blocks are definitely lost in loss record 564 of 564
==13700==    at 0x40053B3: calloc (vg_replace_malloc.c:467)
==13700==    by 0xCBBD00: ber_memcalloc_x (in /lib/liblber-2.4.so.2.5.6)
==13700==    by 0x12249F: ldap_send_server_request (in /lib/libldap-2.4.so.2.5.6)
==13700==    by 0x123323: ldap_chase_v3referrals (in /lib/libldap-2.4.so.2.5.6)
==13700==    by 0x10D4EB: ldap_result (in /lib/libldap-2.4.so.2.5.6)
==13700==    by 0x485E262: ??? (in /usr/lib/sssd/libsss_ldap.so.1.0.0)
==13700==    by 0xB74262: ??? (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0xB70F17: _tevent_loop_once (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0xB70FAE: ??? (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0xB70C88: _tevent_loop_wait (in /usr/lib/libtevent.so.0.9.8)
==13700==    by 0x8080D1C: server_loop (in /usr/libexec/sssd/sssd_be)
==13700==    by 0x8055BB8: main (in /usr/libexec/sssd/sssd_be)

I'm not sure if this is caused by a bug in OpenLDAP or by not freeing some result in SSSD. I will investigate.
Comment 5 Jakub Hrozek 2012-04-05 11:33:24 EDT
(In reply to comment #4)
> Jakub originally sent me this backtrace, it looks like another leak:
> 
> ==13700== 987,424 (4,720 direct, 982,704 indirect) bytes in 59 blocks are
> definitely lost in loss record 564 of 564
> ==13700==    at 0x40053B3: calloc (vg_replace_malloc.c:467)
> ==13700==    by 0xCBBD00: ber_memcalloc_x (in /lib/liblber-2.4.so.2.5.6)
> ==13700==    by 0x12249F: ldap_send_server_request (in
> /lib/libldap-2.4.so.2.5.6)
> ==13700==    by 0x123323: ldap_chase_v3referrals (in /lib/libldap-2.4.so.2.5.6)
> ==13700==    by 0x10D4EB: ldap_result (in /lib/libldap-2.4.so.2.5.6)
> ==13700==    by 0x485E262: ??? (in /usr/lib/sssd/libsss_ldap.so.1.0.0)
> ==13700==    by 0xB74262: ??? (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0xB70F17: _tevent_loop_once (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0xB70FAE: ??? (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0xB70C88: _tevent_loop_wait (in /usr/lib/libtevent.so.0.9.8)
> ==13700==    by 0x8080D1C: server_loop (in /usr/libexec/sssd/sssd_be)
> ==13700==    by 0x8055BB8: main (in /usr/libexec/sssd/sssd_be)
> 

Yes this original leak came from the customer who was using Active Directory. The leak I included in the opening comment was what I reproduces with 389DS.
Comment 7 Stephen Gallagher 2012-04-09 07:33:16 EDT
*** Bug 808064 has been marked as a duplicate of this bug. ***
Comment 16 Jakub Hrozek 2012-04-10 09:48:02 EDT
You are right, I've got a patch for this leak.

The test packages you gave me fix the memory leak while following referrals. Can we get it into 6.3?
Comment 18 Jan Vcelak 2012-04-10 15:31:52 EDT
Fixed in openldap-2.4.23-22.el6
Comment 19 Jan Vcelak 2012-04-10 15:37:12 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
- remote LDAP server responds with referral to a client query, referral chasing is enabled in the library
- library leaks memory
- upstream patch applied
- the library no longer causes memory leak when chasing a referral
Comment 22 errata-xmlrpc 2012-06-20 03:32:11 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0899.html

Note You need to log in before you can comment on or make changes to this bug.