[RADIATOR] Memory Leak on RHEL 8.5

Wolfgang Breyha radiator at blafasel.at
Wed Apr 6 11:17:34 UTC 2022


Hi!

Thanks for your fast response in the first place!

On 05/04/2022 19:44, Heikki Vatiainen wrote:
> On 4.4.2022 21.14, Wolfgang Breyha wrote:
> Hello Wolfgang, we can reproduce this with RHEL 8.5 and AlmaLinux and Rocky
> Linux too. With RHEL 9 beta the problem doesn't occur and memory usage is
> stable.

That proves that Rocky/Alma are indeed "100% bug-for-bug" compatible;-)

As a first step I tried to reduce my test config to yours. But this raised
some questions...

>> I then start eapol_test (from wpa_supplicant RPM) with a config of
>> network={
>> eap=PEAP
>> eapol_flags=0
>> key_mgmt=IEEE8021X
>> identity="testuser"
>> anonymous_identity="anonymous"
>> password="testpass"
>> ca_cert="/etc/pki/tls/cert.pem"
>> phase2="auth=MSCHAPV2"
>> }
>> in a loop and can watch radiusd eating memory.
> 
> I used exactly the same config with my testing. I even used eapol_test that
> comes with 'yum install wpa_supplicant', but I don't think eapol_test
> version matters.

Did you really use this unmodified and if yes, was cert.pem the system file
or the test CA? I was not able to successfully AUTH without the test CA here.

>     EAPTLS_PrivateKeyFile %D/key.pem

I assumed that this is a copy of the key in crt-serv.pem without
passphrase. Otherwise radiusd complains about the key and can't do TLS
handshakes at all.

With these changes I'm able to use eapol_test successfully and the leaks
occur fast enough. And valgrind reports a lot of leaks in SSL_context.

I'm not that experienced using valgrind and did just what most "how-to"s
suggest;-)

I'm using the RHEL8 valgrind RPM and start radiusd with:
# valgrind --log-file=/tmp/val.log --leak-check=yes perl /opt/radiator/radiator/radiusd -foreground -no_pid_file -config_file leak_test.cfg

Then I call eapol_test in a bash for loop 1..1000. After stopping radiusd,
val.log contains several references to SSL_, X509, ASN1_.

I will try to take a closer look at RH-supplied openssl now.

Greetings, Wolfgang
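
Added example, not part of the original message and not Radiator code: one way to turn the "several references to SSL_, X509, ASN1_" in a memcheck log such as /tmp/val.log into per-prefix byte totals, so runs on different OpenSSL builds can be compared. The function names, the "other" bucket and the sample log are assumptions; the sample stacks are constructed and do not represent the leak discussed in this thread.

```python
import re
from collections import defaultdict

PREFIXES = ("SSL_", "X509", "ASN1_")  # symbol prefixes named in the post
HEADER = re.compile(r"^==\d+==\s+([\d,]+) (?:\([^)]*\) )?bytes in [\d,]+ blocks "
                    r"are (definitely|indirectly|possibly) lost in loss record")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+)")

def parse_records(log_text):
    """Return one dict per leak record: kind, bytes, stack function names."""
    records, current = [], None
    for line in log_text.splitlines():
        header, frame = HEADER.match(line), FRAME.match(line)
        if header:
            current = {"kind": header.group(2), "frames": [],
                       "bytes": int(header.group(1).replace(",", ""))}
            records.append(current)
        elif frame and current is not None:
            current["frames"].append(frame.group(1))
        else:
            current = None  # any other line ends the open record
    return records

def summarize(records):
    """Sum bytes per (leak kind, innermost frame matching PREFIXES)."""
    totals = defaultdict(int)
    for rec in records:
        hit = next((p for f in rec["frames"] for p in PREFIXES
                    if f.startswith(p)), "other")
        totals[(rec["kind"], hit)] += rec["bytes"]
    return dict(totals)

# Constructed sample in memcheck's log layout; all values are invented.
SAMPLE = """\
==4242== 2,048 bytes in 8 blocks are definitely lost in loss record 10 of 12
==4242==    at 0x4C360A5: malloc (vg_replace_malloc.c:380)
==4242==    by 0x5D2A771: ASN1_STRING_new (in /usr/lib64/libcrypto.so)
==4242==    by 0x5E9C310: X509_NAME_dup (in /usr/lib64/libcrypto.so)
==4242==
==4242== 4,096 (1,024 direct, 3,072 indirect) bytes in 4 blocks are definitely lost in loss record 11 of 12
==4242==    at 0x4C360A5: malloc (vg_replace_malloc.c:380)
==4242==    by 0x6A11F40: SSL_CTX_new (in /usr/lib64/libssl.so)
==4242==
==4242== 512 bytes in 1 blocks are possibly lost in loss record 12 of 12
==4242==    at 0x4C38185: calloc (vg_replace_malloc.c:760)
==4242==    by 0x4F0A2B0: Perl_safesyscalloc (in /usr/lib64/libperl.so)
"""
if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```

To use it on a real run, pass the contents of the valgrind log file to parse_records() in place of SAMPLE.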

