#9403 libipa_otp_lasttoken plugin memory leak
Closed: fixed a year ago by frenaud. Opened a year ago by rcritten.


Cloned from BZ https://bugzilla.redhat.com/show_bug.cgi?id=2209636

Description of problem:
Freshly installed replica is leaking memory. From the valgrind output it seems it's actually libipa_otp_lasttoken plugin library:

The leak summary gives this ( 2,5 MB definitely lost overall + 350K indirectly lost ) :

==23733== LEAK SUMMARY:
==23733== definitely lost: 2,493,525 bytes in 66,549 blocks
==23733== indirectly lost: 347,788 bytes in 34,963 blocks
==23733== possibly lost: 3,818 bytes in 9 blocks
==23733== still reachable: 3,897,465 bytes in 40,026 blocks
==23733== of which reachable via heuristic:
==23733== stdstring : 30 bytes in 1 blocks
==23733== suppressed: 0 bytes in 0 blocks


==17484== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==17484== by 0x63C0B89: strdup (in /usr/lib64/libc-2.17.so)
==17484== by 0x5094AF2: slapi_ch_strdup (ch_malloc.c:196)
==17484== by 0x50E0FB6: slapi_pblock_get (pblock.c:441)
==17484== by 0x14DF6233: is_allowed (ipa_otp_lasttoken.c:149)

Steps to Reproduce

  1. Install IPA server
  2. edit /etc/systemd/system/dirsrv.target.wants/dirsrv@EXAMPLE-TEST.service
  3. Replace ExecStart with:
    ExecStart=/usr/bin/valgrind --trace-children=yes --show-reachable=yes --track-origins=yes --read-var-info=yes --tool=memcheck --leak-check=full --num-callers=50 -v --log-file=/tmp/valgrind.out /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pi
  4. restart dirsrv.target
  5. find valgrind.out in /tmp
  6. I tail -f the file and pipe to tee into a file that will exist once dirsrv is shut down
  7. ipa config-mod --user-auth-type=otp
  8. create a user and add an otp: ipa otptoken-add lastotp --owner tuser1
  9. delete the last otp ipa otptoken-del lastotp

Actual behavior

I had old 389-ds debug bits installed at the time but this confirms the reported leak:

==1433072== 380,360 (1,184 direct, 379,176 indirect) bytes in 74 blocks are definitely lost in loss record 1,585 of 1,587
==1433072== at 0x484882C: calloc (vg_replace_malloc.c:1554)
==1433072== by 0x494EADC: slapi_ch_calloc (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==1433072== by 0x49AE113: ??? (in /usr/lib64/dirsrv/libslapd.so.0.1.0)
==1433072== by 0xB39DDE9: find.constprop.0 (otp_token.c:372)
==1433072== by 0xB39E3FA: otp_token_find.part.0.constprop.0 (otp_token.c:434)
==1433072== by 0xB39E61A: UnknownInlinedFun (otp_token.c:405)
==1433072== by 0xB39E61A: UnknownInlinedFun (ipa_otp_lasttoken.c:99)
==1433072== by 0xB39E61A: is_allowed (ipa_otp_lasttoken.c:164)



Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2209636

a year ago


  • 089907b Fix memory leak in the OTP last token plugin


  • 421e8e9 Fix memory leak in the OTP last token plugin


  • 9438ce9 Fix memory leak in the OTP last token plugin


  • 66c35a5 Fix memory leak in the OTP last token plugin

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Log in to comment on this ticket.