Performing verification for plucky. I installed cifs-utils 2:7.2-2 from plucky -release.
I followed the testcase and installed valgrind and moved the wrapper script into place: ubuntu@plucky-dc:~$ sudo mv /usr/sbin/cifs.upcall /usr/sbin/cifs.upcall.bin ubuntu@plucky-dc:~$ sudo cp /usr/sbin/cifs.upcall.wrapper /usr/sbin/cifs.upcall ubuntu@plucky-dc:~$ kdestroy kdestroy: No credentials cache found while destroying cache ubuntu@plucky-dc:~$ klist klist: No credentials cache found (filename: /tmp/krb5cc_1000) ubuntu@plucky-dc:~$ sudo mount -t cifs -o sec=krb5i //samba-dc.example.com/demo /mnt/testshare1 mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) ubuntu@plucky-dc:~$ cat valgrind.log ==1832== Memcheck, a memory error detector ==1832== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al. ==1832== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info ==1832== Command: /usr/sbin/cifs.upcall.bin 686323078 ==1832== ==1833== ==1833== HEAP SUMMARY: ==1833== in use at exit: 148 bytes in 1 blocks ==1833== total heap usage: 6 allocs, 5 frees, 4,768 bytes allocated ==1833== ==1833== LEAK SUMMARY: ==1833== definitely lost: 0 bytes in 0 blocks ==1833== indirectly lost: 0 bytes in 0 blocks ==1833== possibly lost: 0 bytes in 0 blocks ==1833== still reachable: 148 bytes in 1 blocks ==1833== suppressed: 0 bytes in 0 blocks ==1833== Rerun with --leak-check=full to see details of leaked memory ==1833== ==1833== For lists of detected and suppressed errors, rerun with: -s ==1833== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==1832== ==1832== HEAP SUMMARY: ==1832== in use at exit: 7,143 bytes in 21 blocks ==1832== total heap usage: 793 allocs, 772 frees, 361,567 bytes allocated ==1832== ==1832== LEAK SUMMARY: ==1832== definitely lost: 56 bytes in 1 blocks ==1832== indirectly lost: 0 bytes in 0 blocks ==1832== possibly lost: 0 bytes in 0 blocks ==1832== still reachable: 7,087 bytes in 20 blocks ==1832== suppressed: 0 bytes in 0 blocks ==1832== Rerun with --leak-check=full to see details of leaked memory ==1832== ==1832== For lists of detected and suppressed errors, rerun with: -s ==1832== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==1832== could not unlink /tmp/vgdb-pipe-from-vgdb-to-1832-by-???-on-??? ==1832== could not unlink /tmp/vgdb-pipe-to-vgdb-from-1832-by-???-on-??? ==1832== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-1832-by-???-on-??? We leaked 56 bytes of memory. I then enabled -security-proposed by this ppa: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages?field.name_filter=cifs- utils&field.status_filter=published&field.series_filter= I installed cifs-utils 2:7.2-2ubuntu0.1. I then again moved the valgrind wrapper script into place: ubuntu@plucky-dc:~$ sudo mv /usr/sbin/cifs.upcall /usr/sbin/cifs.upcall.bin ubuntu@plucky-dc:~$ sudo cp /usr/sbin/cifs.upcall.wrapper /usr/sbin/cifs.upcall ubuntu@plucky-dc:~$ kdestroy kdestroy: No credentials cache found while destroying cache ubuntu@plucky-dc:~$ klist klist: No credentials cache found (filename: /tmp/krb5cc_1000) ubuntu@plucky-dc:~$ sudo mount -t cifs -o sec=krb5i //samba-dc.example.com/demo /mnt/testshare1 mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) ubuntu@plucky-dc:~$ cat valgrind.log ==2181== Memcheck, a memory error detector ==2181== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al. ==2181== Using Valgrind-3.24.0 and LibVEX; rerun with -h for copyright info ==2181== Command: /usr/sbin/cifs.upcall.bin 127966981 ==2181== ==2182== ==2182== HEAP SUMMARY: ==2182== in use at exit: 148 bytes in 1 blocks ==2182== total heap usage: 6 allocs, 5 frees, 4,768 bytes allocated ==2182== ==2182== LEAK SUMMARY: ==2182== definitely lost: 0 bytes in 0 blocks ==2182== indirectly lost: 0 bytes in 0 blocks ==2182== possibly lost: 0 bytes in 0 blocks ==2182== still reachable: 148 bytes in 1 blocks ==2182== suppressed: 0 bytes in 0 blocks ==2182== Rerun with --leak-check=full to see details of leaked memory ==2182== ==2182== For lists of detected and suppressed errors, rerun with: -s ==2182== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==2181== ==2181== HEAP SUMMARY: ==2181== in use at exit: 7,087 bytes in 20 blocks ==2181== total heap usage: 793 allocs, 773 frees, 361,567 bytes allocated ==2181== ==2181== LEAK SUMMARY: ==2181== definitely lost: 0 bytes in 0 blocks ==2181== indirectly lost: 0 bytes in 0 blocks ==2181== possibly lost: 0 bytes in 0 blocks ==2181== still reachable: 7,087 bytes in 20 blocks ==2181== suppressed: 0 bytes in 0 blocks ==2181== Rerun with --leak-check=full to see details of leaked memory ==2181== ==2181== For lists of detected and suppressed errors, rerun with: -s ==2181== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==2181== could not unlink /tmp/vgdb-pipe-from-vgdb-to-2181-by-???-on-??? ==2181== could not unlink /tmp/vgdb-pipe-to-vgdb-from-2181-by-???-on-??? ==2181== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-2181-by-???-on-??? This time we don't leak any memory. Now I am just running through the testcase of bug 2099917: root@plucky-dc:/home/ubuntu# kinit [email protected] Password for [email protected]: Warning: Your password will expire in 38 days on Fri Jul 25 00:23:17 2025 root@plucky-dc:/home/ubuntu# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 06/16/25 01:38:14 06/16/25 11:38:14 krbtgt/[email protected] renew until 06/17/25 01:38:11 root@plucky-dc:/home/ubuntu# mount -t cifs -o cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 //samba-dc.example.com/demo /mnt/testshare1 root@plucky-dc:/home/ubuntu# umount /mnt/testshare1 root@plucky-dc:/home/ubuntu# git clone https://git.nullroute.lt/hacks/python-krb5ccparse.git Cloning into 'python-krb5ccparse'... remote: Enumerating objects: 59, done. remote: Counting objects: 100% (59/59), done. remote: Compressing objects: 100% (59/59), done. remote: Total 59 (delta 28), reused 0 (delta 0), pack-reused 0 (from 0) Receiving objects: 100% (59/59), 11.55 KiB | 657.00 KiB/s, done. Resolving deltas: 100% (28/28), done. root@plucky-dc:/home/ubuntu# cd python-krb5ccparse/ root@plucky-dc:/home/ubuntu/python-krb5ccparse# ./kremovetkt -c /tmp/krb5cc_0 -o /tmp/removed -p krbtgt/[email protected] Keeping ticket for krb5_ccache_conf_data/fast_avail/krbtgt/[email protected]@X-CACHECONF: Keeping ticket for krb5_ccache_conf_data/pa_type/krbtgt/[email protected]@X-CACHECONF: Skipping ticket for krbtgt/[email protected] Keeping ticket for cifs/samba-dc.example.com@ root@plucky-dc:/home/ubuntu/python-krb5ccparse# kdestroy root@plucky-dc:/home/ubuntu/python-krb5ccparse# mv /tmp/removed /tmp/krb5cc_0 root@plucky-dc:/home/ubuntu/python-krb5ccparse# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 06/16/25 01:38:17 06/16/25 11:38:14 cifs/samba-dc.example.com@ renew until 06/17/25 01:38:11 Ticket server: cifs/[email protected] root@plucky-dc:/home/ubuntu/python-krb5ccparse# mount -t cifs -o cruid=root,user=root,sec=krb5i,uid=0,gid=0,cred=/tmp/krb5cc_0 //samba-dc.example.com/demo /mnt/testshare1 root@plucky-dc:/home/ubuntu/python-krb5ccparse# mount -l ... //samba-dc.example.com/demo on /mnt/testshare1 type cifs (rw,relatime,vers=3.1.1,sec=krb5i,cruid=0,cache=strict,upcall_target=app,username=root,uid=0,forceuid,gid=0,forcegid,addr=192.168.122.106,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,reparse=nfs,nativesocket,symlink=native,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) The testcase still holds, and the new package doesn't introduce any regressions. The package in -security-proposed fixes the issue. Happy to mark verified for plucky. ** Tags added: verification-done-plucky -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2113906 Title: Regression: After LP2099917 cifs.upcall leaks memory on error message if service ticket doesn't exist To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/2113906/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
