freeradius-client wrapping gethostby*
Hi, In freeradius-client gethostby* is wrapped in order to be thread-safe. But imho it's done in wrong way causing gethostby* to malfunction. In lib/ip_util.c: _______________________________________________ size_t hostbuflen; char *tmphostbuf; int res; int herr; hostbuflen = 1024; tmphostbuf = malloc(hostbuflen); #endif #endif #ifdef GETHOSTBYNAME_R #if defined (GETHOSTBYNAMERSTYLE_GNU) while ((res = gethostbyname_r(hostname, &hostbuf, tmphostbuf, hostbuflen, &hp, &herr)) == ERANGE) { /* Enlarge the buffer */ hostbuflen *= 2; tmphostbuf = realloc(tmphostbuf, hostbuflen); } free(tmphostbuf); _______________________________________________ Afaik if tmphostbuf is freed the data is gone. The easiest way to fix it which I can think of is thread local storage (TLS), please see the patch. -- Best Regards, Alex Massover VoIP R&D TL Jajah Inc. This mail was sent via Mail-SeCure System.
Hi Alan, After 2 my patches (this and previous) and buffer overflow fix supplied by Dmitry Goncharov (bug 60) I'm able to do millions of iterations with heavy multithreading (hundreds of threads) with static rc_handle (shared to all threads). I haven't read every line, but looks like there's nothing in rc_handle that needs to be protected by mutex. So, I think freeradius-client is ready for MT :) This specific bug (below) appears since 1.1.6 release in 2008, and it affects not only multithreaded programs. It frees memory before reading from it and this happens for every radius request if hostname and not ip is configured. Please consider to take a look at when you have a time.
-----Original Message----- From: freeradius-devel-bounces+alex=jajah.com@lists.freeradius.org [mailto:freeradius-devel-bounces+alex=jajah.com@lists.freeradius.org] On Behalf Of Alex Massover Sent: יום ב 08 מרץ 2010 20:30 To: FreeRadius developers mailing list Subject: freeradius-client wrapping gethostby*
Hi,
In freeradius-client gethostby* is wrapped in order to be thread-safe. But imho it's done in wrong way causing gethostby* to malfunction.
In lib/ip_util.c: _______________________________________________ size_t hostbuflen; char *tmphostbuf; int res; int herr;
hostbuflen = 1024; tmphostbuf = malloc(hostbuflen); #endif #endif
#ifdef GETHOSTBYNAME_R #if defined (GETHOSTBYNAMERSTYLE_GNU) while ((res = gethostbyname_r(hostname, &hostbuf, tmphostbuf, hostbuflen, &hp, &herr)) == ERANGE) { /* Enlarge the buffer */ hostbuflen *= 2; tmphostbuf = realloc(tmphostbuf, hostbuflen); } free(tmphostbuf); _______________________________________________
Afaik if tmphostbuf is freed the data is gone.
The easiest way to fix it which I can think of is thread local storage (TLS), please see the patch.
-- Best Regards, Alex Massover VoIP R&D TL Jajah Inc.
This mail was sent via Mail-SeCure System.
This mail was received via Mail-SeCure System.
This mail was sent via Mail-SeCure System.
participants (2)
-
Alan DeKok -
Alex Massover