talloc & threads in rlm_eap

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jun 20 10:13:49 CEST 2014


On 20 Jun 2014, at 09:02, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 19 Jun 2014, at 17:39, Phil Mayers <p.mayers at IMPERIAL.AC.UK> wrote:
> 
>> I'm wondering if we're breaking the talloc() threading restrictions in rlm_eap / main/tls.c somewhere?
>> 
>> Specifically, I think tls_new_session can be called from multiple threads at the same time, and that calls talloc with a context of "conf" i.e. the module config, which is not per-thread. The talloc docs say each thread must use a separate context (or, presumably, lock).
>> 
>> I wonder if this is what's triggering the corruption?
>> 
>> Ditto cbtls_new_session (though OpenSSL locking might protect that) and I think a few other places.
> 
> OpenSSL really shouldn't be putting the call to the callback inside the critical section
> in case it blocks or does something else bad. So we probably have to assume callbacks are
> not serialised, and we have to protect them.

Reading through that code, there we no point in using talloc anyway. The buffer is allocated
and freed in the same call.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140620/fc8a6d59/attachment.pgp>


More information about the Freeradius-Devel mailing list