[ntp:security] memory leak

geir.guldstein at no.abb.com geir.guldstein at no.abb.com
Tue Dec 18 10:49:02 UTC 2007

Hi Danny,

Please refer to the attached picture. We left the ISIC tool running
yesterday, and ntpd eventually crashed after reaching 2GB memory usage. The
"private bytes" used by the process increases steadily with about the rate
Heiko reported (0.5MB/s) when "attacked" by the ISIC tool as described in
our previous mail.

Thank you for interest in investigating this.


(See attached file: ntpd.jpg)

             Danny Mayer                                                   
             <mayer at ntp.isc.or                                             
             g>                                                         To 
                                       Kevin McGrath/NOABB/ABB at ABB         
             17.12.2007 18:28                                           cc 
                                       security at ntp.org, Kai               
                                       Hansen/NOCRC/ABB at ABB, Geir          
             Please respond to         Guldstein/NOINA/ABB at ABB, Heiko      
             mayer at ntp.isc.org         Gerstung                            
                                       <heiko.gerstung at meinberg.de>,       
                                       Martin Burnicki                     
                                       <martin.burnicki at meinberg.de>       
                                       Re: [ntp:security] memory leak      

kevin.mcgrath at no.abb.com wrote:
> Hi
> We are running NTP on Windows XP Pro SP2.
> When flooding the NTP service the ntpd process' private bytes usage
> grows continuously. At some point the service will reach its allocated
> buffer limit and probably crash. Prior to starting flooding the ntpd
> process' private bytes usage is at 921k but once flooding commences
> after a short time interval of 100 seconds the private bytes performance
> counter is 50 MB. These results apply to both the stable and development
> codebase. The tested stable version is 4.2.4p4 at 1.1520-modena-o
> (Meinberg) and the development version is 4.2.5p106.
> The flooding test tool used is the "IP Stack Integrity Checker" (ISIC)
> suite at full speed. The purpose of these tests is to understand the
> impact on the NTP stack to flooding. The ISIC suite is an open source
> tool, which runs on Linux and is available from
> http://isic.sourceforge.net. The ISIC version in use is v0.07. The
> following ISIC syntax can be used to reproduce the above scenario:
> *udpsic -i ethX -r 1 -s rand -d <ip_addr>,123 -F0 -V0 -I0 -p10000000, *
> where X is the Ethernet interface number and /123/ is the NTP port

Can you send us details of the error that you are seeing? I will try and
reproduce this one some of our systems.


> Kind Regards
> Geir & Kevin
> ------------------------------------------------------------------------
> _______________________________________________
> security mailing list
> security at lists.ntp.org
> https://lists.ntp.org/mailman/listinfo/security

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntpd.jpg
Type: image/jpeg
Size: 112756 bytes
Desc: not available
Url : https://lists.ntp.org/mailman/private/security/attachments/20071218/74c7fd06/attachment-0001.jpg 

More information about the security mailing list