seg fault in eap-ttls

duffy reg.marcos at yahoo.it
Mon Jun 3 17:25:41 CEST 2013 

i'm sorry, this is my full bt:

(6) Found Auth-Type = EAP
(6) # Executing group from file /etc/raddb/sites-enabled/default
(6)   group authenticate {
(6)  - entering group authenticate {...}
(6) eap : Expiring EAP session with state 0x694fbb9b6c3aae1a
(6) eap : Finished EAP session with state 0x694fbb9b6c3aae1a
(6) eap : Previous EAP request found for state 0x694fbb9b6c3aae1a, 
released from the list
(6) eap : Peer sent TTLS (21)
(6) eap : EAP TTLS (21)
(6) eap : Calling eap_ttls to process EAP data
(6) eap_ttls : Authenticate
(6) eap_ttls : processing EAP-TLS
(6) eap_ttls : eaptls_verify returned 7
(6) eap_ttls : Done initial handshake
(6) eap_ttls : eaptls_process returned 7
(6) eap_ttls : Session established.  Proceeding to decode tunneled 
attributes.

Program received signal SIGSEGV, Segmentation fault.
paircursorc (cursor=0x7fffffffcbc0, node=0x7fffffffcbf0) at 
src/lib/valuepair.c:233
233                     cursor->next = cursor->current->next;
Missing separate debuginfos, use: debuginfo-install 
freeradius-3.0.0-16.el6.x86_64
#0  paircursorc (cursor=0x7fffffffcbc0, node=0x7fffffffcbf0) at 
src/lib/valuepair.c:233
No locals.
#1  0x00007fffeebc4717 in diameter2vp (handler=0xaf9ac0, 
tls_session=0xbc63d0) at src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c:152
         offset = <value optimized out>
         size = <value optimized out>
         p = <value optimized out>
         first = <value optimized out>
         packet = 0xb7e9d0
         out = {first = 0x7fffffffcbf0, found = 0x0, last = 0x0, current 
= 0x40, next = 0x0}
         attr = <value optimized out>
         data_left = 108
         vp = <value optimized out>
         vendor = <value optimized out>
         length = <value optimized out>
#2  eapttls_process (handler=0xaf9ac0, tls_session=0xbc63d0) at 
src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c:996
         rcode = 3
         fake = 0x40
         vp = <value optimized out>
         t = 0xb7ef00
         data = 0xbca50c ""
         data_len = 108
         request = 0xb7ec60
#3  0x00007fffeebc38a4 in mod_authenticate (arg=0x9ca1d0, 
handler=0xaf9ac0) at 
src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c:341
         rcode = <value optimized out>
         status = FR_TLS_OK
         inst = 0x9ca1d0
         tls_session = 0xbc63d0
         t = 0x0
         request = 0xb7ec60
#4  0x00007fffef5d7cc6 in eap_module_call (module=0x9c4eb0, 
handler=0xaf9ac0) at src/modules/rlm_eap/eap.c:217
         rcode = 1
         request = 0xb7ec60
         caller = 0x9a7520 "eap"
#5  0x00007fffef5d8357 in eap_method_select (inst=0x9a7f00, 
handler=0xaf9ac0) at src/modules/rlm_eap/eap.c:473
         type = 0xb7ba90
         request = 0xb7ec60
         next = PW_EAP_MD5
         vp = <value optimized out>
#6  0x00007fffef5d6a25 in mod_authenticate (instance=<value optimized 
out>, request=0xb7ec60) at src/modules/rlm_eap/rlm_eap.c:302
         inst = 0x9a7f00
         handler = 0xaf9ac0
         eap_packet = 0x0
         status = <value optimized out>
         rcode = <value optimized out>
#7  0x000000000041d949 in call_modsingle (component=0, c=<value 
optimized out>, request=<value optimized out>) at src/main/modcall.c:306
         myresult = <value optimized out>
         blocked = <value optimized out>
#8  modcall (component=0, c=<value optimized out>, request=<value 
optimized out>) at src/main/modcall.c:792
         cursor = {first = 0x400, found = 0xbdf070, last = 0x79ecfc, 
current = 0x3, next = 0x3000000028}
         myresult = <value optimized out>
         mypriority = 0
         stack = {pointer = 1, priority = {0 <repeats 32 times>}, result 
= {0 <repeats 32 times>}, children = {<value optimized out> <repeats 32 
times>}, start = {
             <value optimized out> <repeats 32 times>}}
         parent = 0x9fb7e0
         child = 0x9fb6e0
         sp = 0x9fb6e0
         if_taken = 0
         was_if = 0
#9  0x0000000000419853 in indexed_modcall (comp=0, idx=6, 
request=0xb7ec60) at src/main/modules.c:733
         rcode = <value optimized out>
         list = 0x9fb7e0
         server = 0x9fb600
#10 0x000000000040c93b in rad_check_password (request=0xb7ec60) at 
src/main/auth.c:252
         cursor = {first = 0xb7ec88, found = 0xbdf0e0, last = 0x0, 
current = 0x0, next = 0x0}
         auth_type_pair = <value optimized out>
         auth_type = 6
         auth_type_count = 1
         result = 0
#11 rad_authenticate (request=0xb7ec60) at src/main/auth.c:512
         namepair = 0xb845b0
         check_item = <value optimized out>
         auth_item = 0x0
         module_msg = <value optimized out>
         tmp = <value optimized out>
         result = <value optimized out>
         autz_retry = <value optimized out>
         autz_type = <value optimized out>
#12 0x00000000004290e1 in request_running (request=0xb7ec60, action=1) 
at src/main/process.c:1193
         __FUNCTION__ = "request_running"
#13 0x0000000000428c06 in request_queue_or_run (request=0xb7ec60, 
process=0x428f40 <request_running>) at src/main/process.c:830
         when = {tv_sec = 1370272850, tv_usec = 862583}
#14 0x000000000042ae4b in request_receive (listener=0xaf89b0, 
packet=0xb7e370, client=0x985ee0, fun=0x40c260 <rad_authenticate>) at 
src/main/process.c:1385
         count = <value optimized out>
         packet_p = <value optimized out>
         request = 0xb7ec60
         now = {tv_sec = 1370272850, tv_usec = 529246}
         sock = <value optimized out>
#15 0x0000000000416ad3 in auth_socket_recv (listener=0xaf89b0) at 
src/main/listen.c:1447
         rcode = <value optimized out>
         code = 1
         src_port = 1814
         packet = 0xb7e370
         fun = 0x40c260 <rad_authenticate>
         client = 0x985ee0
         src_ipaddr = {af = 2, ipaddr = {ip4addr = {s_addr = 521606316}, 
ip6addr = {__in6_u = {__u6_addr8 = 
"\254\024\027\037$\237B\000\000\000\000\000\067\000\000", __u6_addr16 = {
                   5292, 7959, 40740, 66, 0, 0, 55, 0}, __u6_addr32 = 
{521606316, 4366116, 0, 55}}}}, scope = 0}
#16 0x000000000042521a in event_socket_handler (xel=<value optimized 
out>, fd=<value optimized out>, ctx=0xaf89b0) at src/main/process.c:3491
         listener = 0xaf89b0
#17 0x00007ffff73b8fbb in fr_event_loop (el=0xaea650) at src/lib/event.c:414
         ef = <value optimized out>
         i = <value optimized out>
         rcode = 1
         maxfd = 49
         when = {tv_sec = 1370272850, tv_usec = 743746}
         wake = <value optimized out>
         read_fds = {fds_bits = {281474976710656, 0 <repeats 15 times>}}
         master_fds = {fds_bits = {985162418487296, 0 <repeats 15 times>}}
#18 0x000000000041e74c in main (argc=<value optimized out>, argv=<value 
optimized out>) at src/main/radiusd.c:468
         rcode = <value optimized out>
         argval = <value optimized out>
         spawn_flag = 0
         dont_fork = 1
         write_pid = 0
         flag = 0
         act = {__sigaction_handler = {sa_handler = 0x41eac0 
<sig_fatal>, sa_sigaction = 0x41eac0 <sig_fatal>}, sa_mask = {__val = {0 
<repeats 16 times>}}, sa_flags = 0, sa_restorer = 0}
(gdb)


Il 03/06/13 15.28, Alan DeKok ha scritto:
> duffy wrote:
>> hi list!
>> i found something wrong in eap_ttls from today's master. this is my
>> output...
>
>    What does "bt" say in gdb?  See doc/bugs
>
>    It's nice to know that it SEGV'd.  But it's better to know *where* in
> TTLS the problem is.
>
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
>

More information about the Freeradius-Devel mailing list