Fixed memory leaks related to the cache of securityStateReference. See …

…lextudio#93 for details.
y-iwata-bl · Nov 6, 2024 · 877fc54 · 877fc54
1 parent eb68a47
commit 877fc54
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/pysnmp/proto/mpmod/rfc3412.py b/pysnmp/proto/mpmod/rfc3412.py
@@ -416,6 +416,9 @@ def prepare_response_message(
                 or pduType is not None
                 and pduType not in rfc3411.CONFIRMED_CLASS_PDUS
             ):
+                if securityModel in snmpEngine.security_models:
+                    smHandler = snmpEngine.security_models[securityModel]
+                    smHandler.release_state_information(securityStateReference)
                 raise error.StatusInformation(errorIndication=errind.loopTerminated)
 
             # 7.1.3c
@@ -523,6 +526,9 @@ def prepare_response_message(
         elif securityLevel == 3:
             msgFlags |= 0x03
         else:
+            if securityModel in snmpEngine.security_models:
+                smHandler = snmpEngine.security_models[securityModel]
+                smHandler.release_state_information(securityStateReference)
             raise error.ProtocolError("Unknown securityLevel %s" % securityLevel)
 
         if pdu.tagSet in rfc3411.CONFIRMED_CLASS_PDUS:  # XXX not needed?

diff --git a/pysnmp/proto/secmod/rfc3414/service.py b/pysnmp/proto/secmod/rfc3414/service.py
@@ -1048,6 +1048,7 @@ def process_incoming_message(
                             "processIncomingMsg: scopedPduData not plaintext %s"
                             % scopedPduData.prettyPrint()
                         )
+                        self._cache.pop(securityStateReference)
                         raise error.StatusInformation(
                             errorIndication=errind.unknownEngineID
                         )
@@ -1073,6 +1074,7 @@ def process_incoming_message(
                         "processIncomingMsg: will not discover EngineID"
                     )
                     # free securityStateReference XXX
+                    self._cache.pop(securityStateReference)
                     raise error.StatusInformation(
                         errorIndication=errind.unknownEngineID
                     )
@@ -1154,6 +1156,7 @@ def process_incoming_message(
                     "__SNMPv2-MIB", "snmpInGenErrs"
                 )
                 snmpInGenErrs.syntax += 1
+                self._cache.pop(securityStateReference)
                 raise error.StatusInformation(errorIndication=errind.invalidMsg)
         else:
             # empty username used for engineID discovery
@@ -1255,6 +1258,7 @@ def process_incoming_message(
                 if usmUserAuthProtocol in self.AUTH_SERVICES:
                     authHandler = self.AUTH_SERVICES[usmUserAuthProtocol]
                 else:
+                    self._cache.pop(securityStateReference)
                     raise error.StatusInformation(
                         errorIndication=errind.authenticationFailure
                     )
@@ -1346,6 +1350,7 @@ def process_incoming_message(
                         )
                     )
                 else:
+                    self._cache.pop(securityStateReference)
                     raise error.ProtocolError("Peer SNMP engine info missing")
 
             # 3.2.7a
@@ -1417,6 +1422,7 @@ def process_incoming_message(
                     )
                     > 150
                 ):
+                    self._cache.pop(securityStateReference)
                     raise error.StatusInformation(
                         errorIndication=errind.notInTimeWindow, msgUserName=msgUserName
                     )
@@ -1426,11 +1432,13 @@ def process_incoming_message(
             if usmUserPrivProtocol in self.PRIV_SERVICES:
                 privHandler = self.PRIV_SERVICES[usmUserPrivProtocol]
             else:
+                self._cache.pop(securityStateReference)
                 raise error.StatusInformation(
                     errorIndication=errind.decryptionError, msgUserName=msgUserName
                 )
             encryptedPDU = scopedPduData.getComponentByPosition(1)
             if encryptedPDU is None:  # no ciphertext
+                self._cache.pop(securityStateReference)
                 raise error.StatusInformation(
                     errorIndication=errind.decryptionError, msgUserName=msgUserName
                 )
@@ -1494,13 +1502,15 @@ def process_incoming_message(
                 )
 
             if eoo.endOfOctets.isSameTypeWith(scopedPDU):
+                self._cache.pop(securityStateReference)
                 raise error.StatusInformation(
                     errorIndication=errind.decryptionError, msgUserName=msgUserName
                 )
         else:
             # 3.2.8b
             scopedPDU = scopedPduData.getComponentByPosition(0)
             if scopedPDU is None:  # no plaintext
+                self._cache.pop(securityStateReference)
                 raise error.StatusInformation(
                     errorIndication=errind.decryptionError, msgUserName=msgUserName
                 )