How are TLS session freed when the exchange fails?

Yannick Koehler yannick at koehler.name
Tue Feb 18 21:20:52 CET 2014


Hi,

  First, I am new to this mailing list, so I am trying to be extra
careful.  I am using FreeRADIUS locally and its memory in a particular
situation keep increasing by a lot.  Basically, I see a RADIUS
exchange that fails (timeout) before reaching the ACCEPT/REJECT.  I
traced the memory and debugged a lot to find out that the
tls_new_session() inside tls.c is invoked and allocated a
tls_session_t of 64k, then that structure is kept in memory without
any means that I could found to be cleared when the RADIUS exchanged
terminate abruptly.

  I can repeat this over and over and there appear to be no limit as
to how much FreeRADIUS can steal from my main memory.  Considering
that I saw that memory leak in the past are seen as security issue, I
am therefore wondering if I am right or not.  I could not find any
timeout or clean up behavior to ensure that first the number of TLS
session is capped and second that if the RADIUS exchange is stopped
before the end that the associated tls session gets cleared, so I help
here would be appreciated.

 One could reproduce something like that by sending a RADIUS Access
Request with a EAP Identity Response and at the reception of the
RADIUS Access Challenge, just ignore it and keep sending new RADIUS
Access Request with new EAP Identity Response.

-- 
Yannick Koehler


More information about the Freeradius-Devel mailing list