-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Server Security
-
Fully Compatible
-
ALL
-
v8.0
-
Security 2024-07-08, Security 2024-07-22, Security 2024-08-05, Programmability 2024-07-08
-
200
I'm running into a memory leak in sasl_authentication_session_gssapi_test when upgrading from rhel80 to rhel88:
[cpp_unit_test:sasl_authentication_session_gssapi_test] SUMMARY: AddressSanitizer: 34724 byte(s) leaked in 48 allocation(s).
repro steps:
buildscripts/scons.py --variables-files=etc/scons/mongodbtoolchain_stable_clang.vars --build-profile=san +sasl_authentication_session_gssapi_test ninja -f san.ninja +sasl_authentication_session_gssapi_test
The memory leaked was all allocated inside of the sasl library's sasl_client_start call. I verified that sasl_dispose is getting called on the underlying connection handle as well. I originally thought a call to gss_acquire_cred might increase the ref counter on memory managed by the connection object, but it looks like every gss_acquire_cred has a matching gss_release_cred It's possible it's an issue in libsasl/krb but seems unlikely given that we're not really doing anything very unique in this code path as far as I can tell
This is also occurring on my ubuntu22 workstation, so it's possibly an issue that happens everywhere except the specific platform we're running asan on (rhel80). This is the last issue blocking us from upgrading to rhel88 for mongo 8.0
This appears to not occur on RHEL80 which is the only variant we're currently running the address sanitizer on.
Full stack trace of the leak (on an ubuntu22 workstation):
https://gist.github.com/zackwintermdb/a7a9fea8ae7f4cdb4f2827dc40ce9986
Slack thread: https://mongodb.slack.com/archives/CB3CW8M8C/p1719279196709339
- is depended on by
-
SERVER-87451 Platform Support: Bump rhel8 variants to 8.8 (x86_64 and arm64)
- Closed
- related to
-
SERVER-92801 Remove ASAN suppressions on Cyrus SASL-dependent tests
- Backlog