On 10/20/2011 01:25 PM, Alan DeKok wrote:
Phil Mayers wrote:
Oops; I applied the patch in c145c7dabbd48 to my 2.1.12 servers, and last night we had a segfault after running fine for several hours. I restarted under GDB and caught a backtrace:
#0 paircopyvp (vp=0x101010101010101) at valuepair.c:327
That's not a real pointer...
I've pushed a "fix". It sets the cached VP pointer to NULL when it gets deleted. That may help...
Otherwise, it's an OpenSSL bug for it to return an invalid pointer.
I'm looking at the code for handling SSL sessions, and I'm not sure it's right with regards reference counting. I'm comparing it with the code in mod_ssl, which I'm assuming is definitely right; in their "delete" callback, they don't call SSL_SESSION_free(). They also return "0" from their "new" callback, indicating as they say: /* * return 0 which means to OpenSSL that the pNew is still * valid and was not freed by us with SSL_SESSION_free(). */ return 0; Are we sure the session code is doing the right things? Of course, the crappy OpenSSL API is really, really badly documented so it's hard to be sure...
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html