Bad talloc magic value inside tls.c:sess_free_vps
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jun 24 18:47:28 CEST 2014
(Starting a new thread to keep mailreader depth sane)

#4 0x00007f666e6ef97a in _fr_talloc_fault (reason=0x36ad408378 "Bad talloc magic value - unknown value") at src/lib/debug.c:561
#5 0x00000036ad402df1 in talloc_abort_unknown_value (ptr=<value optimized out>) at ../talloc.c:341
#6 talloc_chunk_from_ptr (ptr=<value optimized out>) at ../talloc.c:360
#7 talloc_get_name (ptr=<value optimized out>) at ../talloc.c:1153
#8 0x00000036ad4057eb in _talloc_get_type_abort (ptr=0x7f662c091dd0, name=0x7f666e714bdb "VALUE_PAIR", location=0x7f666e714bc7 "src/lib/debug.c:817") at ../talloc.c:1206
#9 0x00007f666e6f0104 in fr_verify_vp (file=0x7f666e7144f0 "src/lib/cursor.c", line=151, vp=0x7f662c091dd0) at src/lib/debug.c:817
#10 0x00007f666e6eec3f in fr_cursor_next (cursor=0x7f666a584490) at src/lib/cursor.c:151
#11 0x00007f666e70b75e in pairfree (vps=0x7f666a584508) at src/lib/valuepair.c:169
#12 0x00000000004493d6 in sess_free_vps (parent=0x7f664c0b76f0, data_ptr=0x7f662c07b140, ad=0x7f664c0b78e8, idx=0, argl=0, argp=0x0) at src/main/tls.c:1986
#13 0x00000037a0c6a68a in ?? () from /usr/lib64/libcrypto.so.10
#14 0x00000037a7c466bc in SSL_SESSION_free () from /usr/lib64/libssl.so.10
#15 0x00000037a7c445cd in SSL_free () from /usr/lib64/libssl.so.10
#16 0x000000000044624f in session_close (ssn=0x7f6644063950) at src/main/tls.c:599

At a guess, this is wrong:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/modules/rlm_eap/libeap/eap_tls.c#L112
...because FR_TLS_EX_INDEX_TALLOC is used to parent the VPs paircopy'ed in:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/src/main/tls.c#L2676
I spent a bit of time looking at this earlier; the lifecycle of some of
these objects is really really really hard to follow, both because
OpenSSL is a bit weird, and because the naming of the FR TLS stuff is
used in different ways to similarly-named objects inside OpenSSL.
Summary for my own notes:

OpenSSL:

  SSL_CTX* is an OpenSSL object containing the certs/keys/settings, that creates an...
  SSL* is an OpenSSL "connection" i.e. an SSL handshake, that creates or uses a cached...
  SSL_SESSION* is a negotiated OpenSSL master key & algos

FreeRADIUS:

  tls_session_t is an OpenSSL SSL* i.e. connection plus some bits i.e. the BIOs to feed into/out of OpenSSL
  eap_handler_t is an EAP exchange; it's keyed off State which mutates on every round trip. It contains a bunch of eap counter stuff and the tls_session_t

Given that sess_free_vps() is called by OpenSSL when the session goes
away, I guess we don't need to parent the cached VPs to anything; ditto
the cached certs?
Certainly don't want to parent the vps/certs to handler or
tls_session_t; those have shorter lifetimes than SSL_SESSION* objects.
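
Added example, not part of the original message and not FreeRADIUS, talloc or OpenSSL code: a toy model of the lifetime hazard discussed above, where cached pairs parented to a shorter-lived context are already gone when the session's free callback runs. All names and magic values are hypothetical, and chunks sit in a static arena so that inspecting a freed header is well-defined.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy hierarchical allocator (a model, NOT talloc). Magic values are constructed. */
#define MAGIC_LIVE 0xA110C8EDu
#define MAGIC_FREE 0xDEADF4EEu
#define MAX_CHUNKS 16

typedef struct chunk { unsigned magic; struct chunk *parent; const char *name; } chunk_t;
static chunk_t arena[MAX_CHUNKS];
static int used;

static chunk_t *ctx_new(chunk_t *parent, const char *name) {
    if (used == MAX_CHUNKS) return NULL;
    chunk_t *c = &arena[used++];
    c->magic = MAGIC_LIVE; c->parent = parent; c->name = name;
    return c;
}

/* Frees a context and all its descendants. Returns -1 on a stale pointer,
 * the point where a real magic-checking allocator would abort. */
static int ctx_free(chunk_t *c) {
    if (c == NULL || c->magic != MAGIC_LIVE) return -1;
    c->magic = MAGIC_FREE;
    for (int i = 0; i < used; i++)
        if (arena[i].parent == c) ctx_free(&arena[i]);
    return 0;
}

/* Stand-in for the per-session free callback: runs when the long-lived
 * session object is destroyed and frees the pairs cached on it. */
static int session_free_cb(chunk_t *cached_vps) { return ctx_free(cached_vps); }

/* parent_to_short_lived=1: cached pairs hang off a context that dies first.
 * parent_to_short_lived=0: cached pairs are unparented; only the callback frees them. */
static int run_scenario(int parent_to_short_lived) {
    used = 0;
    chunk_t *handler = ctx_new(NULL, "short-lived handler");
    chunk_t *vps = ctx_new(parent_to_short_lived ? handler : NULL, "cached pairs");
    ctx_free(handler);            /* the exchange ends first */
    return session_free_cb(vps);  /* the cached session is destroyed later */
}

int main(void) {
    printf("parented to short-lived context: %d\n", run_scenario(1));
    printf("unparented, freed by callback:   %d\n", run_scenario(0));
    return 0;
}
```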