diff --git a/SOURCES/nfs-utils-1.3.0-gssd-memleak.patch b/SOURCES/nfs-utils-1.3.0-gssd-memleak.patch new file mode 100644 index 0000000..03a3ac5 --- /dev/null +++ b/SOURCES/nfs-utils-1.3.0-gssd-memleak.patch @@ -0,0 +1,87 @@ +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +index c1e4d2b..3fb11e1 100644 +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -702,6 +702,8 @@ gssd_search_krb5_keytab(krb5_context context, krb5_keytab kt, + "we failed to unparse principal name: %s\n", + k5err); + k5_free_kt_entry(context, kte); ++ free(k5err); ++ k5err = NULL; + continue; + } + printerr(4, "Processing keytab entry for principal '%s'\n", +@@ -775,7 +777,7 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, + int tried_all = 0, tried_default = 0, tried_upper = 0; + krb5_principal princ; + const char *notsetstr = "not set"; +- char *adhostoverride; ++ char *adhostoverride = NULL; + + + /* Get full target hostname */ +@@ -801,7 +803,6 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, + adhostoverride); + /* No overflow: Windows cannot handle strings longer than 19 chars */ + strcpy(myhostad, adhostoverride); +- free(adhostoverride); + } else { + strcpy(myhostad, myhostname); + for (i = 0; myhostad[i] != 0; ++i) { +@@ -810,7 +811,9 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, + myhostad[i] = '$'; + myhostad[i+1] = 0; + } +- ++ if (adhostoverride) ++ free(adhostoverride); ++ + retval = get_full_hostname(myhostname, myhostname, sizeof(myhostname)); + if (retval) { + /* Don't use myhostname */ +@@ -898,6 +901,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, + k5err = gssd_k5_err_msg(context, code); + printerr(1, "%s while building principal for '%s'\n", + k5err, spn); ++ free(k5err); ++ k5err = NULL; + continue; + } + code = krb5_kt_get_entry(context, kt, princ, 0, 0, kte); +@@ -906,6 +911,8 @@ find_keytab_entry(krb5_context context, krb5_keytab kt, const char *tgtname, + k5err = gssd_k5_err_msg(context, code); + printerr(3, "%s while getting keytab entry for '%s'\n", + k5err, spn); ++ free(k5err); ++ k5err = NULL; + /* + * We tried the active directory machine account + * with the hostname part as-is and failed... +@@ -1167,7 +1174,8 @@ gssd_get_krb5_machine_cred_list(char ***list) + *list = l; + retval = 0; + goto out; +- } ++ } else ++ free((void *)l); + out: + return retval; + } +@@ -1215,6 +1223,8 @@ gssd_destroy_krb5_machine_creds(void) + printerr(0, "WARNING: %s while resolving credential " + "cache '%s' for destruction\n", k5err, + ple->ccname); ++ free(k5err); ++ k5err = NULL; + continue; + } + +@@ -1222,6 +1232,8 @@ gssd_destroy_krb5_machine_creds(void) + k5err = gssd_k5_err_msg(context, code); + printerr(0, "WARNING: %s while destroying credential " + "cache '%s'\n", k5err, ple->ccname); ++ free(k5err); ++ k5err = NULL; + } + } + krb5_free_context(context); diff --git a/SPECS/nfs-utils.spec b/SPECS/nfs-utils.spec index 5093291..d669e81 100644 --- a/SPECS/nfs-utils.spec +++ b/SPECS/nfs-utils.spec @@ -161,6 +161,10 @@ Patch121: nfs-utils-1.3.0-nfsconf-manage-gids.patch Patch122: nfs-utils-1.3.0-smnotify-f-flag.patch Patch123: nfs-utils-1.3.0-statd-no-notify.patch Patch124: nfs-utils-1.3.0-mountd-memleak.patch +# +# RHEL7.8-z +# +Patch125: nfs-utils-1.3.0-gssd-memleak.patch Patch1000: nfs-utils-1.2.1-statdpath-man.patch Patch1001: nfs-utils-1.2.1-exp-subtree-warn-off.patch @@ -466,6 +470,8 @@ This package also contains the mount.nfs and umount.nfs program. %patch123 -p1 # 1711210 - rpc.mountd leaks memory %patch124 -p1 +# 1828185 - rpc.gssd uses a lot of memory with krb5 mounts [rhel-7.8.z] +%patch125 -p1 %patch1000 -p1 %patch1001 -p1 @@ -718,6 +724,9 @@ fi /sbin/umount.nfs4 %changelog +* Mon Jun 15 2020 Steve Dickson 1.3.0-0.66_8 +- rpc.gssd: removed a number memory leaks (bz 1828185) + * Mon Aug 5 2019 Steve Dickson 1.3.0-0.66 - nfs-utils_env.sh: Removed the hard coded number of nfsds (bz 1736801)