[ntp:security] memory leak

Heiko Gerstung heiko.gerstung at meinberg.de
Thu Dec 20 07:53:36 UTC 2007

Danny Mayer schrieb:
> Heiko Gerstung wrote:
>> Danny et al,
>> I can confirm a memory leak with 4.2.4p4, penetrating it with ntpload at
>> 33000 req/s results in ~0.5M/s increased memory consumption rate which
>> is not freed as it seems. I did not crash it, but this would be the
>> result if I just let ntpload do its ugly job :-)
> Heiko,
> Can you test this with the build, as is, from the tarball. I know you
> still have made some minor changes to your build and I want to make sure
> that those changes are not affecting this. 

No, we were using a vanilla ntpd in the 4.2.4p4 version (AKA "Modena") of the 

> Just remember that the
> recvbuf list expands to accommodate the incoming influx of packets and
> does not release them. There used to be a limit and I had removed it but
> that's true of the Unix version as well. The version I have has barely
> changed its footprint since I started to run ntpload (from another
> system) against it. The current syntax I'm using is:
> ntpload-2.2\Release>ntpload -c -t 10 -u 200
> and I'm running debug mode which does slow things down somewhat.

Today I checked again and found out that the memory leak seems to be appearing 
on my laptop (which I used for my tests so far) but not on my desktop machine, 
which I use for testing and building the installer and the included ntpd and 
openssl. That seems to indicate that this memory leak is somehow related to 
different hardware or software platforms.

Both my machines run XP Professional SP2 and patches are up to date (last patch 
installed is KB944653). The laptop has IE7 installed and the desktop still runs 
IE6, while I am typing this I am installing IE7 on the desktop machine to find 
out if this has something to do with it.

There is nothing special with the network interfaces of both systems, I have 
GigE connections on both of them (Intel chip on the desktop, Marvell Yukon on 
the lappy) and they both are connected to the same switch and subnet plus they 
use the same DHCP, DNS and other servers.

I will keep you posted. We are trying to analyze the memory leak with some 
special debugger (Rational Purify) in order to hunt it down.

Of course we are open for ideas and if anyone reading this has the chance to 
test 4.2.4p4-modena on a Windows machine, please do so and let us know the 
results as well as details regarding hard- and software configuration of that 

Best Regards,

> Thanks,
> Danny


*MEINBERG Funkuhren GmbH & Co. KG*
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Tel.: ++49 (0)5281 9309-25
Fax: ++49 (0)5281 9309-30
eMail: heiko.gerstung at meinberg.de <mailto:heiko.gerstung at meinberg.de>
Internet: www.meinberg.de <http://www.meinberg.de/>


Meinberg radio clocks: 25 years of accurate time worldwide

More information about the security mailing list