Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 476206 - dev-libs/cyrus-sasl seems to eat memory on memory authentication failure
Summary: dev-libs/cyrus-sasl seems to eat memory on memory authentication failure
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-08 17:29 UTC by Francesco Lamonica
Modified: 2019-03-26 20:02 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Francesco Lamonica 2013-07-08 17:29:37 UTC
saslauthd seems NOT to be releasing memory when dealing with failed authentication with default configuration options (i.e. use 5 threads)

Reproducible: Always

Steps to Reproduce:
1.have some clients trying to authenticate badly
2.see the amount of memory used by the threads
3.
Actual Results:  
memory keeps increasing

Expected Results:  
memory should have been freed sometimes

After googling a bit it seems to be related to the "threaded" mode of saslauthd.
Actually changing the default options from -n5 to -n0 in /etc/conf.d/saslauthd seems to solve the issue.

# emerge --info
Portage 2.1.12.2 (default/linux/amd64/13.0, gcc-4.6.3, glibc-2.15-r3, 3.7.10-gentoo x86_64)
=================================================================
System uname: Linux-3.7.10-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E5620_@_2.40GHz-with-gentoo-2.2
KiB Mem:     4056216 total,   2170588 free
KiB Swap:    8388604 total,   8341160 free
Timestamp of tree: Mon, 08 Jul 2013 08:30:01 +0000
ld GNU ld (GNU Binutils) 2.22
ccache version 3.1.9 [enabled]
app-shells/bash:          4.2_p45
dev-java/java-config:     2.1.12-r1
dev-lang/python:          2.7.3-r3, 3.2.3-r2
dev-util/ccache:          3.1.9
dev-util/cmake:           2.8.10.2-r2
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.69
sys-devel/automake:       1.11.6, 1.12.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.7 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo x-tree
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA dlj-1.1 Oracle-BCLA-JavaSE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs candy ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/tree"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X acl alsa amd64 berkdb bzip2 cairo cli cracklib crypt cups cxx dri fam foomaticdb fortran gdbm gif gpm gtk2 hardened iconv imagemagick jpeg loop-aes maildir mmx modules mudflap multilib ncurses nls nptl nptl-only ogg opengl openmp oss pam pcre pdf png ppds qt3 readline samba session spell sse sse2 ssl subversion svg tcltk tcpd threads tiff truetype unicode usb xml xml2 xpm xprint zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" MISDN_CARDS="hfcpci" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="vesa nv vga" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-11 01:03:31 UTC
Please report this upstream and link back here.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-07-13 12:13:46 UTC
To clarify: is this CVE-2013-4122?
Comment 3 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2013-07-13 15:42:02 UTC
(In reply to Chris Reffett from comment #2)
> To clarify: is this CVE-2013-4122?

Does not look like it.

Also, the report is too vague to call this a security issue. Assigning to maintainers.
Comment 4 Jeroen Roovers gentoo-dev 2014-08-22 09:06:46 UTC
What type of authentication is it that fails?
Comment 5 Francesco Lamonica 2014-08-25 08:11:28 UTC
The svn server against a Windows AD Domain controller