[ntp:security] memory leak

Danny Mayer mayer at ntp.isc.org
Thu Dec 20 13:16:34 UTC 2007


Heiko Gerstung wrote:
> Danny Mayer schrieb:
>> Heiko Gerstung wrote:
>>> Danny et al,
>>>
>>> I can confirm a memory leak with 4.2.4p4, penetrating it with ntpload at
>>> 33000 req/s results in ~0.5M/s increased memory consumption rate which
>>> is not freed as it seems. I did not crash it, but this would be the
>>> result if I just let ntpload do its ugly job :-)
>>
>> Heiko,
>>
>> Can you test this with the build, as is, from the tarball. I know you
>> still have made some minor changes to your build and I want to make sure
>> that those changes are not affecting this. 
> 
> No, we were using a vanilla ntpd in the 4.2.4p4 version (AKA "Modena")
> of the installer.
> 
>> Just remember that the
>> recvbuf list expands to accommodate the incoming influx of packets and
>> does not release them. There used to be a limit and I had removed it but
>> that's true of the Unix version as well. The version I have has barely
>> changed its footprint since I started to run ntpload (from another
>> system) against it. The current syntax I'm using is:
>> ntpload-2.2\Release>ntpload -c -t 10 -u 200 10.60.98.32
>>
>> and I'm running debug mode which does slow things down somewhat.
> 
> Today I checked again and found out that the memory leak seems to be
> appearing on my laptop (which I used for my tests so far) but not on my
> desktop machine, which I use for testing and building the installer and
> the included ntpd and openssl. That seems to indicate that this memory
> leak is somehow related to different hardware or software platforms.
> 
> Both my machines run XP Professional SP2 and patches are up to date
> (last patch installed is KB944653). The laptop has IE7 installed and the
> desktop still runs IE6, while I am typing this I am installing IE7 on
> the desktop machine to find out if this has something to do with it.
> 

Nothing about IE should make a difference to ntp. I'm also running an
Oracle DB, tomcat, IIS, Firefox and IE, antivirus, VS 2005, pidgin,
Acrobat reader, named, Microsoft Office products all at the same time on
my system.

> There is nothing special with the network interfaces of both systems, I
> have GigE connections on both of them (Intel chip on the desktop,
> Marvell Yukon on the lappy) and they both are connected to the same
> switch and subnet plus they use the same DHCP, DNS and other servers.
> 

None of which should make a difference.

> I will keep you posted. We are trying to analyze the memory leak with
> some special debugger (Rational Purify) in order to hunt it down.
> 

Purify works best if ntpd is built with debug. That also slows it down
of course.

> Of course we are open for ideas and if anyone reading this has the
> chance to test 4.2.4p4-modena on a Windows machine, please do so and let
> us know the results as well as details regarding hard- and software
> configuration of that system.
> 

The security list is a very small closed list that only a few people see.

One thing you might try is adding -U 0 to the command line in case the
dynamic interface code is causing a problem. We have one bug report on
HP/UX which indicated a problem that we haven't been able to track down
yet. Turning off dynamic reconfiguration fixed the problem but we still
don't know why. See Bug #885 starting with Comment #3.

Danny


More information about the security mailing list