From dsw@juniper.net  Tue Jan  7 15:41:37 2003
Return-Path: <dsw@juniper.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BC06A37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Jan 2003 15:41:37 -0800 (PST)
Received: from merlot.juniper.net (natint.juniper.net [207.17.136.129])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 13BD443EDC
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Jan 2003 15:41:37 -0800 (PST)
	(envelope-from dsw@juniper.net)
Received: from sophia.juniper.net (sophia.juniper.net [172.17.12.140])
	by merlot.juniper.net (8.11.3/8.11.3) with ESMTP id h07NfaS12345
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 7 Jan 2003 15:41:36 -0800 (PST)
	(envelope-from dsw@juniper.net)
Received: (from dsw@localhost)
	by sophia.juniper.net (8.11.6/8.9.3) id h07NfaQ01188;
	Tue, 7 Jan 2003 15:41:36 -0800 (PST)
	(envelope-from dsw)
Message-Id: <200301072341.h07NfaQ01188@sophia.juniper.net>
Date: Tue, 7 Jan 2003 15:41:36 -0800 (PST)
From: David Wang <dsw@juniper.net>
Reply-To: David Wang <dsw@juniper.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: inetd memory leak when built with LOGIN_CAP
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         46845
>Category:       bin
>Synopsis:       inetd memory leak when built with LOGIN_CAP
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    dwmalone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 07 15:50:00 PST 2003
>Closed-Date:    Sat Apr 05 05:41:29 PST 2003
>Last-Modified:  Sat Apr 05 05:41:29 PST 2003
>Originator:     David Wang
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
Juniper Networks
>Environment:
System: FreeBSD sophia.juniper.net 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Sat Mar 23 12:22:23 PST 2002 root@sophia:/usr/src/sys/compile/Juniper i386

>Description:
With LOGIN_CAP defined during compilation, inetd.c calls login_getclass(), 
which returns a dynamically-allocated chunk of memory of size 
sizeof(login_cap_t).  login_close() should be called at some point to 
free up this chunk of memory, but login_close() is never called in inetd.c.

Note that other code in FreeBSD does call login_close() to free up 
memory allocated by login_getclass() and friends.

I saw this behavior in FreeBSD 4.2 but it seems that the problem exists in 
all versions of FreeBSD.

>How-To-Repeat:
Build inetd with LOGIN_CAP defined, and send SIGHUPs to the resulting 
inetd executable.  'ps ux | grep inetd' output will show the memory 
being used by inetd will go up.

>Fix:
Call login_close() after calls to login_getclass(), if the login_cap_t 
that is allocated is not needed anymore.  This will especially help in 
the loop inside config().

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Wed Feb 5 06:13:46 PST 2003 
Responsible-Changed-Why:  
Another inetd PR for me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46845 
State-Changed-From-To: open->feedback 
State-Changed-By: dwmalone 
State-Changed-When: Sun Feb 9 12:30:17 PST 2003 
State-Changed-Why:  
I've produced a patch which is calls login_close after both calls to 
login_getclass (I realise the second one is redundate because we are 
about to exec, but hey...) 

The patch also fixes a file discriptor leak and a NULL pointer 
dereference (PR 47694 and 46845). If you could cast your eye over 
the patch and/or test it to make sure it fixes the problem, that 
would be great. 

I did try sending lots of HUP signals to inetd, and it still seems 
to grow, but more slowly than before. 

David. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46845 
State-Changed-From-To: feedback->closed 
State-Changed-By: dwmalone 
State-Changed-When: Sat Apr 5 05:41:00 PST 2003 
State-Changed-Why:  
Now fixed in -current and -stable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46845 
>Unformatted:
