Menu

#12 Memory Leak in Iperf 2.02

open
nobody
None
5
2017-08-31
2007-12-17
Anonymous
No

Iperf Version: 2.02

Description:
In addition of per-connection information, Iperf maintains some per-host/client information. Inside Listener.cpp, some memory is allocated for this purpose through InitMulti(). But this allocation will never be released and memory leak occurs. If Iperf server-side needs to be run very long. The server will break down automatucally.

Bug-Fix:
Inside List.cpp,
/*
* Delete Entry del from the List
*/
void Iperf_delete ( iperf_sockaddr *del, Iperf_ListEntry **root ) {
Iperf_ListEntry *temp2;
Iperf_ListEntry *temp = Iperf_present( del, *root );
if ( temp != NULL ) {
if ( temp == *root ) {
*root = (*root)->next;
} else {
Iperf_ListEntry *itr = *root;
while ( itr->next != NULL ) {
if ( itr->next == temp ) {
itr->next = itr->next->next;
break;
}
itr = itr->next;
}
}

//Begin of bug-fix
temp2 = Iperf_hostpresent( del, *root );
if(temp2==NULL) free(temp->holder);
//End

delete temp;
}
}

Related

Bugs: #33

Discussion

  • CK

    CK - 2014-02-07

    While running iperf in server mode (iperf -s), I happened to run "nmap -sV -p5001" (nmap version probing) and after a few seconds iperf grew to a few gigabytes until it was killed by the Linux out-of-memory killer. Suffice to say that the machine was pretty much unsuable for some time and recovered only when iperf was killed.

    Would this be related to this memory leak described here?

    This is reproducible with iperf 2.0.5 on Fedora 20 (x86-64) and Debian 7.0 (powerpc) and nmap 6.x.

     

  • nick black

    nick black - 2017-08-31

    The cause of the nmap -sV memory pressure is the following in Settings_GenerateClientSettings:

    (client)->mThreads = ntohl(hdr->numThreads);

    which is then used to allocate client->mThreads items a bit later. With iperf2 2.0.9 and nmap 7.60, this results in a mThreads value of 1929256211 and a rapid OOM. Note that this happens even if --disable-threads is used with configure.

    On our builds, I've added the following:

    --- iperf-2.0.9-orig/src/Settings.cpp 2017-08-31 15:33:53.583021939 -0400
    +++ iperf-2.0.9/src/Settings.cpp 2017-08-31 15:33:45.306958987 -0400
    @@ -808,6 +808,10 @@
    client_hdr hdr ) {
    int flags = ntohl(hdr->flags);
    if ( (flags & HEADER_VERSION1) != 0 ) {
    + if ( ntohl(hdr->numThreads) != 1 ) {
    +     client = NULL;
    + return;
    + }
    client = new thread_Settings;
    memcpy(    client, server, sizeof( thread_Settings ));
    setCompat( (*client) );

    Since we only ever use singly-threaded clients, this works for us.

     

Log in to post a comment.