Another leak: tls_new_client_session

Alan DeKok aland at
Wed Mar 4 15:52:09 CET 2015

On Mar 3, 2015, at 5:07 PM, Sam Hartman <hartmans at> wrote:
> First, where does SSL_free get called for the ssl created in
> tls_new_client_session?  It seems that a talloc destructor is used for
> tls_new_session, but I don't see the logic that causes the session state
> to be freed for  client sessions?

  The underlying issue seems to be the function proxy_new_listener().  It called tls_new_client_session(), but didn’t set the parent properly.  I’ll push a fix.

> Secondly, I seem to be getting tls_new_client_session objects leaking
> some of the time.  Causing errors like killing the process on the other
> end of the connection makes it more likely.  I'm judging this because I
> do have a few sessions allocated on tls.c line 219 still around even
> after I've shut down the home server that the tls_session was for.

  Yeah, it’s a parenting issue.

> Why is the TLS client session hanging off the configuration talloc
> context not a socket context of some kind?

  Bad code.  I’ve pushed a fix.

  Alan DeKok.

More information about the Freeradius-Devel mailing list