AppArmor

libapparmor aalogparse memory leak

Bug #1340927 reported by PGArchangel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
AppArmor
Fix Released
High
Steve Beattie
AppArmor 2.9.0
2.8
Fix Released
High
Steve Beattie
AppArmor 2.8.4
apparmor (Ubuntu)
Fix Released
Undecided
Unassigned
Nominated for Trusty by Steve Beattie

Bug Description

My kern.log is filled by lots of messages so aa-notify tries to parse them on first run.

My OS is going down when there's no memory left because aa-notify leaks.

I've found that leak is in /usr/bin/aa-notify file in function parse_message.

If I comment lines from
my ($test) = LibAppArmorc::parse_record($msg);
to
LibAppArmorc::free_record($test);
then all goes fine. Program parses file and no memory leak is happened.

Do I've got sources of my version (libapparmor-perl (2.8.0-5.1) from ubuntu) and found that some variables from aa_log_record struct were not freed by the free_record function. These are
char *net_local_addr;
char *net_foreign_addr;

Could this be a reason of a leak?

I haven't much time right now to compile and run tests. So I posted just information I've found and commented lines in bugged function to get my system working.

Revision history for this message
PGArchangel (pgandrey) wrote :
Revision history for this message
Steve Beattie (sbeattie) wrote :

Nice catch. Yes, these are indeed being leaked. There are some additional leaks that are occurring around parsing of syslog data.

Changed in apparmor:
status: New → In Progress
importance: Undecided → High
milestone: none → 2.9.0
assignee: nobody → Steve Beattie (sbeattie)
Revision history for this message
Steve Beattie (sbeattie) wrote :

Commits to address these have been applied to the 2.8 and trunk apparmor branches.

The ubuntu packages should also get a fix for this.

Changed in apparmor:
status: In Progress → Fix Committed
Changed in apparmor (Ubuntu):
status: New → Triaged
Steve Beattie (sbeattie)
summary: - aa-notify memory leak
+ libapparmor aalogparse memory leak
Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

Apparmor 2.9.0 has been released; closing.

Changed in apparmor:
status: Fix Committed → Fix Released
Revision history for this message
Steve Beattie (sbeattie) wrote :

Attached is a patch as a part of a trusty SRU.

Revision history for this message
Steve Beattie (sbeattie) wrote :

I reproduced the memory leaks with libapparmor from apparmor 2.8.95~2430-0ubuntu5.1 from trusty-updates, and verified that libapparmor from apparmor 2.8.95~2430-0ubuntu5.2 in trusty-proposed fixes the issue. I did this by running valgrind on aa-notify against each version of the library after having run apparmor regressions tests to generate a lot of events in syslog. Valgrind reported before updating:

  definitely lost: 11,586,610 bytes in 1,005,004 blocks

after updating, valgrind reported:

  definitely lost: 40,263 bytes in 824 blocks

with the remaining leaked memory looking to be in perl itself.

Marking verification-done.

tags: added: verification-done
Revision history for this message
Adam Conrad (adconrad) wrote : Update Released

The verification of the Stable Release Update for apparmor has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.