Crashes in 2.1.8 when handling received auth packets
Alan DeKok
aland at deployingradius.com
Tue Feb 2 20:25:10 CET 2010
John Morrissey wrote:
> We recently upgraded from 2.0.4 to 2.1.8 and are now noticing occasional
> segfaults when handling received auth packets. Representative backtraces are
> below. In all cases, all threads are idle except one, which is receiving an
> auth packet.
Ugh. This looks like:
https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35
> In the first case, auth_socket_recv() passes a NULL packet to
> received_request(), which is strange since auth_socket_recv() checks for
> that case immediately before.
Yup.
> In the second case, received_request() gets a bogus pointer to the packet,
> apparently from rad_recv().
Which should never happen.
> I'm always hesitant to trust backtraces from optimized binaries, but the
> code paths relative to the packet pointers being passed around are bizarre
> and strike me as stack or heap corruption.
>
> Any ideas?
Cry.
I've run *billions* of packets through the server in a variety of
environments in an attempt to reproduce bug #35. No luck.
I don't know what to say at this point...
Alan DeKok.
More information about the Freeradius-Devel
mailing list