[tpop3d-discuss] Memory leak?

Chris Lightfoot chris at ex-parrot.com
Wed, 8 May 2002 18:38:07 +0100

On Wed, May 08, 2002 at 10:12:52AM -0700, Marc Lewis wrote:
> On Wed, May 08, 2002 at 11:40:56AM +0100, Chris Lightfoot wrote:
> > I've attached a trivial test of the PAM code, pamtest.c.
> > Could you replace `user' and `password' at the end with a
> > valid username and password, compile it with
> >     cc -o pamtest -lpam -ldl pamtest.c
> > and see whether it leaks memory when you run it?
> Yes, it does.  When first started:
> # ps auxw | grep pamtest
> root     27063  8.5  0.1  4412 1904 pts/1    R    09:28   0:00 ./pamtest
> After about a minute of running:
> # ps auxw | grep pamtest
> root     27810 12.5  0.7  9748 7236 pts/1    S    09:28   0:07 ./pamtest

OK. This is, I guess, about the same rate of growth that
the tpop3d process is seeing.

> I may try configuring it so it uses auth-ldap and bypasses PAM, but that
> doesn't seem like a good long term fix since we're using PAM to keep things
> uniform.

Agree. (But see my notes about PAM below.) I am fairly
sure that the code I have sent you is a correct PAM
program in the sense that it ought not leak memory. I
don't have a recent machine to hand with which to test
this, and all the older PAM implementations leak memory
even in simple modules like pam_unix.

> > Also, can you tell me more about the crashes you've
> > experienced -- in particular, is there any useful
> > information in the logs?
> Nothing.  Things just stop.

Hmm. That could just be an out-of-memory issue, I suppose.
Or possibly something timing out connecting to the LDAP

> Also, I don't know if anyone else has seen
> this, but it is a bit bizarre.  After first starting up tpop3d, it logs
> things to /var/log/maillog as one would expect.  After running for a while,
> though, suddenly it will start up in /var/log/messages and the mail log
> entries will stop.  It is very, very strange and the only application that
> shifts from one log to another.  It could be a symptom of the other
> problem, but I thought I would mention it anyway.

Yep-- I've seen this before. It's a bug in one of the PAM
authentication modules, which is evidently calling
openlog(3) and changing which log file the thing is
writing to. Sigh. Try the following patch:

diff -u -r1.4 logging.c
--- logging.c   2002/02/25 16:16:25     1.4
+++ logging.c   2002/05/08 17:16:03
@@ -51,6 +51,8 @@
 #define NFACIL      (sizeof(facil) / sizeof(struct logfac))
+static int log_fac;
 /* log_init:
  * Start up logging. */
 void log_init(void) {
@@ -71,6 +73,8 @@
     openlog("tpop3d", LOG_PID | LOG_NDELAY, fac);
     if (warn == 1)
         log_print(LOG_ERR, _("log_init: log-facility `%s' unknown, using `mail'"), s);
+    log_fac = fac;
@@ -111,7 +115,7 @@
     va_start(ap, fmt);
     s = verrprintf(fmt, ap);
-    syslog(priority, "%s", s);
+    syslog(priority | log_fac, "%s", s);
     if (log_stderr) fprintf(stderr, "%s\n", s);

(You probably don't all want to hear me rant about PAM.
Let me just say that, for a security-critical component of
the operating system, it is astonishingly shoddily
implemented. Coupled with a loudy design and poor
documentation, I'm surprised that it works at all.)

``I need an immediately distinguishable character...
  so I'll use something that no-one will recognise.'' (maths lecture)