[ntp:security] memory leak

Heiko Gerstung heiko.gerstung at meinberg.de
Thu Dec 20 13:31:28 UTC 2007

Danny Mayer schrieb:
 > Heiko Gerstung wrote:
 >> Danny Mayer schrieb:
 >>> Heiko Gerstung wrote:
 >>>> Danny et al,
 >>>> I can confirm a memory leak with 4.2.4p4, penetrating it with ntpload at
 >>>> 33000 req/s results in ~0.5M/s increased memory consumption rate which
 >>>> is not freed as it seems. I did not crash it, but this would be the
 >>>> result if I just let ntpload do its ugly job :-)
 >>> Heiko,
 >>> Can you test this with the build, as is, from the tarball. I know you
 >>> still have made some minor changes to your build and I want to make sure
 >>> that those changes are not affecting this.
 >> No, we were using a vanilla ntpd in the 4.2.4p4 version (AKA "Modena")
 >> of the installer.
 >>> Just remember that the
 >>> recvbuf list expands to accommodate the incoming influx of packets and
 >>> does not release them. There used to be a limit and I had removed it but
 >>> that's true of the Unix version as well. The version I have has barely
 >>> changed its footprint since I started to run ntpload (from another
 >>> system) against it. The current syntax I'm using is:
 >>> ntpload-2.2\Release>ntpload -c -t 10 -u 200
 >>> and I'm running debug mode which does slow things down somewhat.
 >> Today I checked again and found out that the memory leak seems to be
 >> appearing on my laptop (which I used for my tests so far) but not on my
 >> desktop machine, which I use for testing and building the installer and
 >> the included ntpd and openssl. That seems to indicate that this memory
 >> leak is somehow related to different hardware or software platforms.
 >> Both my machines run XP Professional SP2 and patches are up to date
 >> (last patch installed is KB944653). The laptop has IE7 installed and the
 >> desktop still runs IE6, while I am typing this I am installing IE7 on
 >> the desktop machine to find out if this has something to do with it.
 > Nothing about IE should make a difference to ntp. I'm also running an
 > Oracle DB, tomcat, IIS, Firefox and IE, antivirus, VS 2005, pidgin,
 > Acrobat reader, named, Microsoft Office products all at the same time on
 > my system.

It did not make a difference, but you never know what MS installs together with 
IE7 ..

 >> There is nothing special with the network interfaces of both systems, I
 >> have GigE connections on both of them (Intel chip on the desktop,
 >> Marvell Yukon on the lappy) and they both are connected to the same
 >> switch and subnet plus they use the same DHCP, DNS and other servers.
 > None of which should make a difference.
No. But I am running out of ideas here.

 >> I will keep you posted. We are trying to analyze the memory leak with
 >> some special debugger (Rational Purify) in order to hunt it down.
 > Purify works best if ntpd is built with debug. That also slows it down
 > of course.

Yep. At the moment I am looking for a way to install Purify on my laptop, it 
seems that it simply does not work with the license we have bought. I will try 
to install a Purify V7 Trial version and see if I find out anything.

 >> Of course we are open for ideas and if anyone reading this has the
 >> chance to test 4.2.4p4-modena on a Windows machine, please do so and let
 >> us know the results as well as details regarding hard- and software
 >> configuration of that system.
 > The security list is a very small closed list that only a few people see.
I would like to know more about the system where the memory leak has been found.

 > One thing you might try is adding -U 0 to the command line in case the
 > dynamic interface code is causing a problem. We have one bug report on
 > HP/UX which indicated a problem that we haven't been able to track down
 > yet. Turning off dynamic reconfiguration fixed the problem but we still
 > don't know why. See Bug #885 starting with Comment #3.

Did not change anything. Will keep you posted.


 > Danny


*MEINBERG Funkuhren GmbH & Co. KG*
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Tel.: ++49 (0)5281 9309-25
Fax: ++49 (0)5281 9309-30
eMail: heiko.gerstung at meinberg.de <mailto:heiko.gerstung at meinberg.de>
Internet: www.meinberg.de <http://www.meinberg.de/>


Meinberg radio clocks: 25 years of accurate time worldwide

More information about the security mailing list