Discussion:
Memory Leak in SChannel on Windows Server 2008 SP2
Greg
2010-08-04 14:43:03 UTC
I'm using SChannel SSPI for TLS/SSL connection. On Windows Server 2008 there
appear to be two buffer leaks for every new connection. They are allocated
during the call to AcceptSecurityContext, and not freed in the call to
DeleteSecurityContext.

I cannot reproduce this on other platforms (Windows 2003, 7, XP). The box
has KB 953535 installed (it's included in SP2).

The first buffer is 32 bytes; here's the call stack:
0:001> !heap -p -a 02603328
address 02603328 found in
_HEAP @ 1e0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
02603328 0007 0000 [00] 02603340 00020 - (busy)
Trace: 19853f0
77b1fbd2 ntdll!RtlAllocateHeap+0x0000021d
7636ae45 kernel32!LocalAlloc+0x00000052
75621e0a schannel!SPContextDeserialize+0x0000066c
75613502 schannel!SslAddUserContext+0x00000165
75612af1 schannel!SpInitUserModeContext+0x00000074
75ff683d Secur32!LsaAcceptSecurityContext+0x000001ce
75ff6666 Secur32!AcceptSecurityContext+0x000000b1
4303c6 tls_aes+0x000303c6
430e69 tls_aes+0x00030e69
4309f7 tls_aes+0x000309f7
430812 tls_aes+0x00030812
43c313 tls_aes+0x0003c313
43c0cd tls_aes+0x0003c0cd
7636d0e9 kernel32!BaseThreadInitThunk+0x0000000e
77af19bb ntdll!__RtlUserThreadStart+0x00000023
77af198e ntdll!_RtlUserThreadStart+0x0000001b

The second buffer varies in size depending on the protocol (12 bytes for
TLS or 36 bytes for SSL3. Not sure if that's due to the cipher
suite... probably is.)

Here's the 36-byte buffer's call stack:

0:001> !heap -p -a 00262600
address 00262600 found in
_HEAP @ 1e0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
00262600 0008 0000 [00] 00262618 00024 - (busy)
Trace: 1985484
77b1fbd2 ntdll!RtlAllocateHeap+0x0000021d
7636ae45 kernel32!LocalAlloc+0x00000052
75621dbc schannel!SPContextDeserialize+0x0000061e
75613502 schannel!SslAddUserContext+0x00000165
75612af1 schannel!SpInitUserModeContext+0x00000074
75ff683d Secur32!LsaAcceptSecurityContext+0x000001ce
75ff6666 Secur32!AcceptSecurityContext+0x000000b1
4303c6 tls_aes+0x000303c6
430e69 tls_aes+0x00030e69
4309f7 tls_aes+0x000309f7
430812 tls_aes+0x00030812
43c313 tls_aes+0x0003c313
43c0cd tls_aes+0x0003c0cd
7636d0e9 kernel32!BaseThreadInitThunk+0x0000000e
77af19bb ntdll!__RtlUserThreadStart+0x00000023
77af198e ntdll!_RtlUserThreadStart+0x0000001b

I've searched the web and at least one other person has come across this,
but no one has answered.

Thanks for any help/insight.

I have sample source code that reproduces this issue.
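
An added example, not part of the original post: a Python sketch that groups !heap -p -a records like the two above by the first frame outside the generic allocator wrappers, which is how both leaked blocks resolve to schannel!SPContextDeserialize. The regular expressions and the function name leak_sites are assumptions made here; the sample text is copied from the post with the lower frames trimmed.

```python
import re
from collections import defaultdict
# Sample input: the two records from the post, trimmed to the top frames.
SAMPLE = """\
0:001> !heap -p -a 02603328
address 02603328 found in
_HEAP @ 1e0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
02603328 0007 0000 [00] 02603340 00020 - (busy)
Trace: 19853f0
77b1fbd2 ntdll!RtlAllocateHeap+0x0000021d
7636ae45 kernel32!LocalAlloc+0x00000052
75621e0a schannel!SPContextDeserialize+0x0000066c
75613502 schannel!SslAddUserContext+0x00000165
0:001> !heap -p -a 00262600
address 00262600 found in
_HEAP @ 1e0000
HEAP_ENTRY Size Prev Flags UserPtr UserSize - state
00262600 0008 0000 [00] 00262618 00024 - (busy)
Trace: 1985484
77b1fbd2 ntdll!RtlAllocateHeap+0x0000021d
7636ae45 kernel32!LocalAlloc+0x00000052
75621dbc schannel!SPContextDeserialize+0x0000061e
75613502 schannel!SslAddUserContext+0x00000165
"""
# HEAP_ENTRY row: the UserSize column is hexadecimal, the state is in parentheses.
ENTRY = re.compile(r"^[0-9a-f]+ [0-9a-f]{4} [0-9a-f]{4} \[[0-9a-f]{2}\] [0-9a-f]+ ([0-9a-f]+) - \((\w+)\)$", re.I)
FRAME = re.compile(r"^[0-9a-f]+ (\S+!\S+)\+0x([0-9a-f]+)$", re.I)
# Generic allocator wrappers: skipping them exposes the real allocation site.
ALLOCATORS = {"ntdll!RtlAllocateHeap", "kernel32!LocalAlloc"}

def leak_sites(text):
    """Return {(allocation_site, size_in_bytes): count} for busy blocks."""
    sites = defaultdict(int)
    size = None  # UserSize of the block whose trace is being read
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            size = int(m.group(1), 16) if m.group(2) == "busy" else None
            continue
        m = FRAME.match(line)
        if m and size is not None and m.group(1) not in ALLOCATORS:
            sites[(f"{m.group(1)}+0x{int(m.group(2), 16):x}", size)] += 1
            size = None  # count only the first non-allocator frame per block
    return dict(sites)

if __name__ == "__main__":
    for (site, size), n in sorted(leak_sites(SAMPLE).items()):
        print(f"{n} x {size:3d} bytes  {site}")
```

Run over the output of many leaked addresses, a per-connection leak shows up as counts at one site that grow with the number of connections.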
Greg
2010-08-04 16:21:03 UTC
As a follow-up, the 32-byte buffer leak also occurs using the web server
sample code in the SDK.
Post by Greg
I'm using SChannel SSPI for TLS/SSL connection. On Windows Server 2008 there
appear to be two buffer leaks for every new connection. They are allocated
during the call to AcceptSecurityContext, and not freed in the call to
DeleteSecurityContext.
...
Post by Greg
I have sample source code that reproduces this issue
Greg
2010-08-05 22:28:03 UTC
Found the answer, KB 979231
Post by Greg
As a follow-up, the 32-byte buffer leak also occurs using the web server
sample code in the SDK.
Post by Greg
I'm using SChannel SSPI for TLS/SSL connection. On Windows Server 2008 there
appear to be two buffer leaks for every new connection. They are allocated
during the call to AcceptSecurityContext, and not freed in the call to
DeleteSecurityContext.
...
Post by Greg
I have sample source code that reproduces this issue
Greg
2010-08-05 22:27:03 UTC
Found the answer => KB 979231
Post by Greg
I'm using SChannel SSPI for TLS/SSL connection. On Windows Server 2008 there
appear to be two buffer leaks for every new connection. They are allocated
during the call to AcceptSecurityContext, and not freed in the call to
DeleteSecurityContext.
I cannot reproduce this on other platforms (Windows 2003, 7, XP). The box
has KB 953535 installed (it's included in SP2).