talloc & threads in rlm_eap

Alan DeKok aland at deployingradius.com
Mon Jun 23 23:26:20 CEST 2014


Phil Mayers wrote:
> In that particular case it was an access-after-free; I think maybe
> (ironically) the request_running() VERIFY_REQUEST() call is walking the
> vps at the same time the child thread is running through them?

  Yes.

> Are we (well, I) actually seeing access-after-free being triggered by
> the VERIFY_* stuff? Which wouldn't happen in a release build?

  Yes.

> That said I'm not seeing the locking or lock-free primitives which would
> ensure a request isn't accessed from main & worker thread; what's to
> stop a child thread updating request->child_state at the same time
> request_process_timer is reading it?

  There are none.  The main thread ignores the request for most values
of request->child_state.  The child updates request->child_state
carefully, so that the main thread doesn't blow up.

  Alan DeKok.

