On 5/09/18 1:24 AM, Silamael wrote: > Hello, > > I'm currently investigating a memory leak in with the Kerberos negotiate > authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port > with added Kerberos support since OpenBSD's port does not support > Kerberos at all. > > As library Heimdal 7.5.0 is used. So far I had no luck in finding the > memory leak itself. Have you tried valgrind and either GCC or clang static analysis features on your helper and/or library? > > Would it be safe for Squid, to patch the helper code so that it does a > clean exit after every X processed requests? > > Or will this bring new problems on Squid's side? > Should be okay so long as the helpers do reply to at least some queries, and do not exit all at once. Squid-3.5 will log errors about helpers exiting unexpectedly, but should only die if the helpers did so on their startup or many are dying within a shifting 30sec window of time. Squid-4 can use the auth_param on-persistent-overload=ERR option to prevent even the death cases above. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
