Bug#1089629: Freeradius memory leak after upgrade to Debian 12

[ATIC Sistemas Rede]

Hi,

We've tested with freeradius 3.2.6 in preproduction enviroment.
We've installed these packages from bookworm-backports target release (*).
In debug mode (freeradius -X) we could see several warnings like this (**).
Authentication EAP-TTLS-PAP seems to work fine.
We could make an effort and test in production next week.
The memory issue manifests after several weeks; we need a guarantee of proper 
functionality during this time.
The warning seems serious. Could you give us any advice about this?

Thanks

(*)

        ii  freeradius 3.2.6+dfsg-2~bpo12+1           amd64        
high-performance and highly configurable RADIUS server
        ii  freeradius-common 3.2.6+dfsg-2~bpo12+1           all          
FreeRADIUS common files
        ii  freeradius-config 3.2.6+dfsg-2~bpo12+1           amd64        
FreeRADIUS default config files
        ii  freeradius-ldap 3.2.6+dfsg-2~bpo12+1           amd64        LDAP 
module for FreeRADIUS server
        ii  freeradius-utils 3.2.6+dfsg-2~bpo12+1           amd64        
FreeRADIUS client utilities
        ii  libfreeradius3 3.2.6+dfsg-2~bpo12+1           amd64        
FreeRADIUS shared library

(**)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL
!! There may be random issues with TLS connections due to this conflict.
!! The server may also crash.
!! See https://wiki.freeradius.org/modules/Rlm_ldap for more information.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


El 6/1/25 a las 15:58, Bernhard Schmidt escribió:

[No suele recibir correo electrónico de be...@debian.org. Descubra por qué esto 
es importante en https://aka.ms/LearnAboutSenderIdentification ]

Hi,

>

Our RADIUS service primarily provides authentication for a Wi-Fi network
that uses the EAP-TTLS-PAP method.
Used modules include, among others, eap, ldap, linelog, pap, and sql_log.
Over 13K different users are authenticated daily.
In Debian 11, freeradius service had stable memory consumption.
After performing a dist-upgrade to Debian 12, freeradius consumes memory
without limit.

You are the first to report it, but that does not make it wrong.

Could you test with the 3.2.6 upstream version in bookworm-backports as
well? This is the current upstream version, if it happens there as well
we might have a change of upstream taking care of it.

Bernhard

--
Subdirección de Infraestruturas - Sistemas de rede
Área de Tecnoloxías da Información e Comunicacións

Universidade de Santiago de Compostela
15782 Santiago de Compostela
http://www.usc.es/atic/sistemas