search

FreeRADIUS / freeradius-client

A BSD licenced RADIUS client library
http://freeradius.org/freeradius-client/
Other
143 stars 100 forks source link

Memory Leak in version 1.1.7 #78

Closed kevincurtis-at-farsite closed 6 years ago

kevincurtis-at-farsite commented 6 years ago

We use the freeradius-client for very simple authentication in one of our Daemon processes. We have noted that there is a small memory leak when authentication requests are sent but time out. There does not appear ti=o be an issue when the requests are responded to. Is this a know issue? Is there a patch? Is there a release later than 1.1.7 we could try?

arr2036 commented 6 years ago

Try the HEAD of this repository, otherwise run under valgrind?

kevincurtis-at-farsite commented 6 years ago

Hi, thanks for your reply. I haven't tried the latest source (from HEAD) yet, but I have noted that there are differences between the version that I am using (freeradius-client-1.1.7) and the version in GIT.

I did run valigrind on my test application for three test cases. One where authentication succeeds, ones where it fails and one where it times out. The test program performs 20 authentication requests, no retries, 1 second timeout. The output is as follows:

Test 1 Authentication success

-bash-3.2# valgrind --leak-check=full ./radexample username1 username1 10.0.97.34 1812 mySecret 0 1 20 ==9613== Memcheck, a memory error detector. ==9613== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==9613== Using LibVEX rev 1732, a library for dynamic binary translation. ==9613== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==9613== Using valgrind-3.2.3, a dynamic binary instrumentation framework. ==9613== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==9613== For more details, rerun with: -v ==9613== 

Radius Authentication example V1.0

>> Using username of username1 and password of username1
>> Auth Server is (10.0.97.34) on port (1812) using secret (mySecret)
>> number of retries is 0 and the response timeout is 1 seconds loopcount = 20

Start auth request 0: username1 username1 1812 0 0: Authentication requested started on thread 0 Waiting 1 1 1 1.... Processing Authentication result for thread 0 Authentication succeded Start auth request 0: username1 username1 1812 0 1: Authentication requested started on thread 0 Waiting 1 1 1 1.... Processing Authentication result for thread 0 Authentication succeded Start auth request 0: username1 username1 1812 0 2: Authentication requested started on thread 0 Waiting 1 1 1 1.... Processing Authentication result for thread 0 Authentication succeded

0 19: Authentication requested started on thread 0 Waiting 1 1 1 1.... Processing Authentication result for thread 0 Authentication succeded ==9613== ==9613== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 21 from 1) ==9613== malloc/free: in use at exit: 880 bytes in 5 blocks. ==9613== malloc/free: 4,052 allocs, 4,047 frees, 479,791 bytes allocated. ==9613== For counts of detected errors, rerun with: -v ==9613== searching for pointers to 5 not-freed blocks. ==9613== checked 399,268 bytes. ==9613== ==9613== LEAK SUMMARY: ==9613== definitely lost: 0 bytes in 0 blocks. ==9613== possibly lost: 0 bytes in 0 blocks. ==9613== still reachable: 880 bytes in 5 blocks. ==9613== suppressed: 0 bytes in 0 blocks. ==9613== Reachable blocks (those to which a pointer was found) are not shown. ==9613== To see them, rerun with: --leak-check=full --show-reachable=yes -bash-3.2# Test 2 - Authentication Failure ------ -bash-3.2# valgrind --leak-check=full ./radexample username1 badpasswd 10.0.97.34 1812 mySecret 0 1 20 ==9634== Memcheck, a memory error detector. ==9634== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==9634== Using LibVEX rev 1732, a library for dynamic binary translation. ==9634== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==9634== Using valgrind-3.2.3, a dynamic binary instrumentation framework. ==9634== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==9634== For more details, rerun with: -v ==9634== Radius Authentication example V1.0 >> Using username of username1 and password of badpasswd >> Auth Server is (10.0.97.34) on port (1812) using secret (mySecret) >> number of retries is 0 and the response timeout is 1 seconds loopcount = 20 Start auth request 0: username1 badpasswd 1812 0 0: Authentication requested started on thread 0 Waiting 1 1 1 1.... Waiting 1 1 1 1.... Processing Authentication result for thread 0 **** Authentication attempt rejected **** Start auth request 0: username1 badpasswd 1812 0 1: Authentication requested started on thread 0 Waiting 1 1 1 1.... Waiting 1 1 1 1.... Processing Authentication result for thread 0 **** Authentication attempt rejected **** 0 19: Authentication requested started on thread 0 Waiting 1 1 1 1.... Waiting 1 1 1 1.... Processing Authentication result for thread 0 **** Authentication attempt rejected **** ==9634== ==9634== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 21 from 1) ==9634== malloc/free: in use at exit: 880 bytes in 5 blocks. ==9634== malloc/free: 4,052 allocs, 4,047 frees, 479,791 bytes allocated. ==9634== For counts of detected errors, rerun with: -v ==9634== searching for pointers to 5 not-freed blocks. ==9634== checked 399,268 bytes. ==9634== ==9634== LEAK SUMMARY: ==9634== definitely lost: 0 bytes in 0 blocks. ==9634== possibly lost: 0 bytes in 0 blocks. ==9634== still reachable: 880 bytes in 5 blocks. ==9634== suppressed: 0 bytes in 0 blocks. ==9634== Reachable blocks (those to which a pointer was found) are not shown. ==9634== To see them, rerun with: --leak-check=full --show-reachable=yes Test 3 - Authentication Timed out ------- -bash-3.2# valgrind --leak-check=full ./radexample username1 username1 10.0.97.35 1812 mySecret 0 1 20 ==9655== Memcheck, a memory error detector. ==9655== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==9655== Using LibVEX rev 1732, a library for dynamic binary translation. ==9655== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==9655== Using valgrind-3.2.3, a dynamic binary instrumentation framework. ==9655== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==9655== For more details, rerun with: -v ==9655== Radius Authentication example V1.0 >> Using username of username1 and password of username1 >> Auth Server is (10.0.97.35) on port (1812) using secret (mySecret) >> number of retries is 0 and the response timeout is 1 seconds loopcount = 20 Start auth request 0: username1 username1 1812 0 0: Authentication requested started on thread 0 Waiting 1 1 1 1.... Waiting 1 1 1 1.... Processing Authentication result for thread 0 **** Authentication attempt timed out **** Start auth request 0: username1 username1 1812 0 1: Authentication requested started on thread 0 Waiting 1 1 1 1.... Waiting 1 1 1 1.... Processing Authentication result for thread 0 **** Authentication attempt timed out **** 0 19: Authentication requested started on thread 0 Waiting 1 1 1 1.... Waiting 1 1 1 1.... Processing Authentication result for thread 0 **** Authentication attempt timed out **** ==9655== ==9655== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 23 from 1) ==9655== malloc/free: in use at exit: 21,396 bytes in 26 blocks. ==9655== malloc/free: 4,364 allocs, 4,338 frees, 857,862 bytes allocated. ==9655== For counts of detected errors, rerun with: -v ==9655== searching for pointers to 26 not-freed blocks. ==9655== checked 399,268 bytes. ==9655== ==9655== 36 bytes in 1 blocks are definitely lost in loss record 4 of 7 ==9655== at 0x40214B0: malloc (vg_replace_malloc.c:149) ==9655== by 0x4160E69: nss_parse_service_list (in /lib/libc-2.5.1.so) ==9655== by 0x416170F: __nss_database_lookup (in /lib/libc-2.5.1.so) ==9655== by 0x41625BE: __nss_hosts_lookup (in /lib/libc-2.5.1.so) ==9655== by 0x4165F69: gethostbyaddr_r@@GLIBC_2.1.2 (in /lib/libc-2.5.1.so) ==9655== by 0x4032727: rc_gethostbyaddr (ip_util.c:101) ==9655== by 0x40327A6: rc_ip_hostname (ip_util.c:212) ==9655== by 0x402DEB4: rc_send_server (sendserver.c:377) ==9655== by 0x402C882: rc_aaa (buildreq.c:136) ==9655== by 0x402CD1A: rc_auth (buildreq.c:193) ==9655== by 0x80490E9: post_authentication_request (in /work/radius/freeradius-client-1.1.7/src/kevin/radexample) ==9655== by 0x408062A: start_thread (in /lib/libpthread-2.5.1.so) ==9655== ==9655== ==9655== 20,480 bytes in 20 blocks are definitely lost in loss record 7 of 7 ==9655== at 0x40214B0: malloc (vg_replace_malloc.c:149) ==9655== by 0x403274D: rc_gethostbyaddr (ip_util.c:95) ==9655== by 0x40327A6: rc_ip_hostname (ip_util.c:212) ==9655== by 0x402DEB4: rc_send_server (sendserver.c:377) ==9655== by 0x402C882: rc_aaa (buildreq.c:136) ==9655== by 0x402CD1A: rc_auth (buildreq.c:193) ==9655== by 0x80490E9: post_authentication_request (in /work/radius/freeradius-client-1.1.7/src/kevin/radexample) ==9655== by 0x408062A: start_thread (in /lib/libpthread-2.5.1.so) ==9655== by 0x4151D5D: clone (in /lib/libc-2.5.1.so) ==9655== ==9655== LEAK SUMMARY: ==9655== definitely lost: 20,516 bytes in 21 blocks. ==9655== possibly lost: 0 bytes in 0 blocks. ==9655== still reachable: 880 bytes in 5 blocks. ==9655== suppressed: 0 bytes in 0 blocks. ==9655== Reachable blocks (those to which a pointer was found) are not shown. ==9655== To see them, rerun with: --leak-check=full --show-reachable=yes I will try the latest code tomorrow. Kevin
kevincurtis-at-farsite commented 6 years ago

This version did indeed seem to resolve the memory leak issue. It also required some additional lines to be added to /etc/services for the radius client

Thanks for the help

mcpat commented 6 years ago

This issue should be closed.