freeradius-client wrapping gethostby*

Alex Massover alex at jajah.com
Wed Mar 10 12:42:57 CET 2010


Hi Alan,

After 2 my patches (this and previous) and buffer overflow fix supplied by Dmitry Goncharov (bug 60) I'm able to do millions of iterations with heavy multithreading (hundreds of threads) with static rc_handle (shared to all threads).

I haven't read every line, but looks like there's nothing in rc_handle that needs to be protected by mutex.

So, I think freeradius-client is ready for MT :)


This specific bug (below) appears since 1.1.6 release in 2008, and it affects not only multithreaded programs. It frees memory before reading from it and this happens for every radius request if hostname and not ip is configured.

Please consider to take a look at when you have a time.


> -----Original Message-----
> From: freeradius-devel-bounces+alex=jajah.com at lists.freeradius.org
> [mailto:freeradius-devel-bounces+alex=jajah.com at lists.freeradius.org]
> On Behalf Of Alex Massover
> Sent: יום ב 08 מרץ 2010 20:30
> To: FreeRadius developers mailing list
> Subject: freeradius-client wrapping gethostby*
> 
> Hi,
> 
> In freeradius-client gethostby* is wrapped in order to be thread-safe.
> But imho it's done in wrong way causing gethostby* to malfunction.
> 
> In lib/ip_util.c:
> _______________________________________________
> 	size_t	hostbuflen;
> 	char	*tmphostbuf;
> 	int	res;
> 	int	herr;
> 
> 	hostbuflen = 1024;
> 	tmphostbuf = malloc(hostbuflen);
> #endif
> #endif
> 
> #ifdef GETHOSTBYNAME_R
> #if defined (GETHOSTBYNAMERSTYLE_GNU)
> 	while ((res = gethostbyname_r(hostname, &hostbuf, tmphostbuf,
> hostbuflen, &hp, &herr)) == ERANGE)
> 	{
> 		/* Enlarge the buffer */
> 		hostbuflen *= 2;
> 		tmphostbuf = realloc(tmphostbuf, hostbuflen);
> 	}
> 	free(tmphostbuf);
> _______________________________________________
> 
> 
> Afaik if tmphostbuf is freed the data is gone.
> 
> The easiest way to fix it which I can think of is thread local storage
> (TLS), please see the patch.
> 
> --
> Best Regards,
> Alex Massover
> VoIP R&D TL
> Jajah Inc.
> 
> 
> 
> This mail was sent via Mail-SeCure System.
> 
> 
> 
> This mail was received via Mail-SeCure System.
> 


This mail was sent via Mail-SeCure System.






More information about the Freeradius-Devel mailing list