From owner-freebsd-pf@FreeBSD.ORG Wed Feb 25 16:23:35 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2EF4F1065670 for ; Wed, 25 Feb 2009 16:23:35 +0000 (UTC) (envelope-from beck@ualberta.ca) Received: from bofh.cns.ualberta.ca (bofh.cns.ualberta.ca [129.128.11.10]) by mx1.freebsd.org (Postfix) with ESMTP id EDB168FC21 for ; Wed, 25 Feb 2009 16:23:34 +0000 (UTC) (envelope-from beck@ualberta.ca) Received: from bofh.cns.ualberta.ca (beck@localhost.cns.ualberta.ca [127.0.0.1]) by bofh.cns.ualberta.ca (8.14.3/8.14.0) with ESMTP id n1PFpvX9001978 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 25 Feb 2009 08:51:57 -0700 (MST) Received: (from beck@localhost) by bofh.cns.ualberta.ca (8.14.3/8.14.0/Submit) id n1PFpu4n031759; Wed, 25 Feb 2009 08:51:56 -0700 (MST) X-Authentication-Warning: bofh.cns.ualberta.ca: beck set sender to beck@ualberta.ca using -f Date: Wed, 25 Feb 2009 08:51:56 -0700 From: Bob Beck To: Max Laier Message-ID: <20090225155156.GN15982@bofh.cns.ualberta.ca> References: <9e20d71e0902250435y6e090fb0rc138233242fe7d60@mail.gmail.com> <200902251442.43794.max@love2party.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200902251442.43794.max@love2party.net> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: deraadt@openbsd.org, beck@openbsd.org, samm@os2.kiev.ua, Artis Caune , freebsd-pf@freebsd.org Subject: Re: openbsd spamd is leaking memory? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2009 16:23:35 -0000 * Max Laier [2009-02-25 06:43]: > Hello Artis, > > looks like a valid catch to me. I'm CC'ing the upstream maintainer (Bob, > that's you, right?) From a quick glance there is also a minor leak in > readsuffixlists in the goto bad case. Yeah you're right max, in fact there are three possibilities for a slow leak.. try this: Index: grey.c =================================================================== RCS file: /cvs/src/libexec/spamd/grey.c,v retrieving revision 1.45 diff -u grey.c --- grey.c 7 Dec 2008 21:12:52 -0000 1.45 +++ grey.c 25 Feb 2009 15:46:09 -0000 @@ -315,8 +315,11 @@ size_t len; struct mail_addr *m; - while (!SLIST_EMPTY(&match_suffix)) + while (!SLIST_EMPTY(&match_suffix)) { + m = SLIST_FIRST(&match_suffix); SLIST_REMOVE_HEAD(&match_suffix, entry); + free(m); + } if ((fp = fopen(alloweddomains_file, "r")) != NULL) { while ((buf = fgetln(fp, &len))) { if (buf[len-1] == '\n') @@ -337,8 +340,11 @@ } return; bad: - while (!SLIST_EMPTY(&match_suffix)) + while (SLIST_EMPTY(&match_suffix)) { + m = SLIST_FIRST(&match_suffix); SLIST_REMOVE_HEAD(&match_suffix, entry); + free(m); + } } void @@ -512,6 +518,7 @@ dbc->act = 0; dbc->dsiz = 0; SLIST_REMOVE_HEAD(&db_changes, entry); + free(dbc); } return(ret);