** Description changed: [Impact] There are two memory leaks in the sssd-kcm package in Ubuntu 24.04 (Noble). The problem happens when users login or renew tickets. The struct sss_sec_ctx stays in memory and does not clean up. Both are already patched upstream, and applied to the sssd-2-9-4 branch. Applying these backports into Noble's package can prevent the memory leaks from affecting Ubuntu users. Both patches are already in Resolute and Stonking, since they are based on 2.12.0. PR #7823 - https://github.com/SSSD/sssd/pull/7823 PR #7834 - https://github.com/SSSD/sssd/pull/7834 [Test Plan] Install dependencies and set up: ``` # 1. Install deps apt update && apt install -y krb5-kdc krb5-user krb5-admin-server sssd-kcm # When prompted, put in TEST.COM, localhost, and localhost for krb5. sleep 2 # 2. Create the database kdb5_util create -s -P password123 sleep 2 systemctl restart krb5-kdc # 3. Create test users useradd -m testkcm0 useradd -m testkcm1 # 4. Create users and keytabs mkdir -p /etc/kcmtest/ for i in {0..1}; do - kadmin.local -q "addprinc -randkey testkcm$i" - kadmin.local -q "ktadd -k /etc/kcmtest/$i.keytab testkcm$i" - chown testkcm$i /etc/kcmtest/$i.keytab + kadmin.local -q "addprinc -randkey testkcm$i" + kadmin.local -q "ktadd -k /etc/kcmtest/$i.keytab testkcm$i" + chown testkcm$i /etc/kcmtest/$i.keytab done ``` Observe the memory leak: ``` #!/bin/bash # Launch User 0 Loop sudo -u testkcm0 bash -c ' export KRB5CCNAME=KCM: while :; do - kinit -k -t /etc/kcmtest/0.keytab testkcm0 - kdestroy -A - sleep 0.1 + kinit -k -t /etc/kcmtest/0.keytab testkcm0 + kdestroy -A + sleep 0.1 done' & # Launch User 1 Loop sudo -u testkcm1 bash -c ' export KRB5CCNAME=KCM: while :; do - kinit -k -t /etc/kcmtest/1.keytab testkcm1 - kdestroy -A - sleep 0.1 + kinit -k -t /etc/kcmtest/1.keytab testkcm1 + kdestroy -A + sleep 0.1 done' & watch -n 10 "ps -C sssd_kcm -o pid=,rss=,etime=" wait ``` On the unpatched version, the memory leak causes the memory usage to rise every time. On the patched version, memory might rise for the first few checks, but will soon level off. [Where problems could occur] Patch 1: - It is conceivable, but very unlikely, that the first patch introduces a - use after free. Currently, this is impossible as the data isn't modified - below, but refactors to use a direct pointer instead of a copy could - result in memory corruption. - - Patch 2: - - It is unlikely this will cause any regression. This patch simply ensures - the memory is freed on every control path. Previously, memory was not - freed in abnormal exits. + Both patches effect ticket store/update operations, specifically freeing + memory associated with the ticket. It is possible that in the event of a + regression a user will be unable to interact with the login system. [Additional Info] Commits upstream (master branch): https://github.com/SSSD/sssd/commit/7f1b7c9689827df92e8b2166423d4e80688dbacb https://github.com/SSSD/sssd/commit/9e72bc242b600158d7920b2b98644efa42fd1ffa Backports to the sssd-2-9-4 branch: https://github.com/SSSD/sssd/commit/58547f020a634cdda4aad0ee350aeb4a894f6669 https://github.com/SSSD/sssd/commit/85469a77c232f2fe0b95376fe51e3900ab9e9bf0
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2150664 Title: [SRU] Backport fixes for sssd-kcm memory leak (PR #7823, #7834) in Noble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/2150664/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
