On 20 Jun 2014, at 09:02, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 19 Jun 2014, at 17:39, Phil Mayers <p.mayers@IMPERIAL.AC.UK> wrote:
I'm wondering if we're breaking the talloc() threading restrictions in rlm_eap / main/tls.c somewhere?
Specifically, I think tls_new_session can be called from multiple threads at the same time, and that calls talloc with a context of "conf" i.e. the module config, which is not per-thread. The talloc docs say each thread must use a separate context (or, presumably, lock).
I wonder if this is what's triggering the corruption?
Ditto cbtls_new_session (though OpenSSL locking might protect that) and I think a few other places.
OpenSSL really shouldn't be putting the call to the callback inside the critical section in case it blocks or does something else bad. So we probably have to assume callbacks are not serialised, and we have to protect them.
Reading through that code, there we no point in using talloc anyway. The buffer is allocated and freed in the same call. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2