This repository was archived by the owner on Feb 24, 2024. It is now read-only.

Description
There appears to be a memory leak in kerberos.authGSSServerStep(). I am able to reproduce it consistently by calling the following function in a tight loop:
```python
import kerberos


def gssapi_authenticate(client_token: str):
    state = None
    try:
        # Create a fresh server-side GSSAPI context for this request.
        rc, state = kerberos.authGSSServerInit("")
        if rc != kerberos.AUTH_GSS_COMPLETE:
            return None
        # Process the client's token; this is the call that appears to leak.
        rc = kerberos.authGSSServerStep(state, client_token)
        if rc == kerberos.AUTH_GSS_COMPLETE:
            return dict(
                rc=rc,
                kerberos_token=kerberos.authGSSServerResponse(state),
                username=kerberos.authGSSServerUserName(state),
                servername=kerberos.authGSSServerTargetName(state),
            )
        elif rc == kerberos.AUTH_GSS_CONTINUE:
            return dict(rc=kerberos.AUTH_GSS_CONTINUE)
        else:
            return None
    except kerberos.GSSError:
        return None
    finally:
        # Always release the context, even on error paths.
        if state:
            kerberos.authGSSServerClean(state)
```
After a few minutes memory usage goes from 30MiB to a few hundred MiB. This was identified in a web server using the library which would leak considerable amounts of memory over several days.
Environment:
kerberos (this library) version 1.3.11
RHEL 7, CentOS 7, and AmazonLinux 2
krb5-libs 1.15.1
Python 3.11
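
One way to turn the tight-loop observation above into a measurement, added here as an example that is not part of the original report or the library: it samples process RSS while calling a function repeatedly, because memory leaked inside native code does not show up in Python-level tools such as `tracemalloc`. `leaky_call` and `clean_call` are constructed stand-ins; to exercise the binding, pass a wrapper around `gssapi_authenticate` with a valid client token instead.

```python
import gc
import os
import resource
import sys


def rss_kib():
    """Resident set size in KiB: current on Linux, peak on other Unix systems."""
    try:
        with open("/proc/self/statm") as f:
            pages = int(f.read().split()[1])
        return pages * os.sysconf("SC_PAGE_SIZE") // 1024
    except OSError:
        peak = resource.getrusage(resource.RUSAGE_SELF).ru_maxrss
        return peak // 1024 if sys.platform == "darwin" else peak


def sample_rss(func, iterations, sample_every=100, warmup=50):
    """Call func() repeatedly and return RSS samples (KiB) taken along the way."""
    for _ in range(warmup):          # let caches and lazy imports settle first
        func()
    gc.collect()
    samples = [rss_kib()]
    for i in range(1, iterations + 1):
        func()
        if i % sample_every == 0:
            gc.collect()             # rule out uncollected Python garbage
            samples.append(rss_kib())
    return samples


def looks_like_leak(samples, min_growth_kib=8 * 1024):
    """True if RSS grew by min_growth_kib and was still growing in the second half."""
    total = samples[-1] - samples[0]
    late = samples[-1] - samples[len(samples) // 2]
    return total >= min_growth_kib and late > 0.25 * total


# Constructed stand-ins for the function under test (not the kerberos binding).
_sink = []
CHUNK = 64 * 1024

def leaky_call():
    _sink.append(b"x" * CHUNK)       # stays referenced: memory grows every call

def clean_call():
    len(b"x" * CHUNK)                # allocated and released on each call

if __name__ == "__main__":
    for name, fn in (("leaky", leaky_call), ("clean", clean_call)):
        s = sample_rss(fn, 500)
        print(name, "growth KiB:", s[-1] - s[0], "leak:", looks_like_leak(s))
```

Requiring growth in the second half of the run separates a steady per-call leak from a one-time plateau such as cache warm-up.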