SEGV in 3.0.11

Phil Mayers p.mayers at imperial.ac.uk
Tue Mar 15 16:25:08 CET 2016


On 15/03/16 14:46, Phil Mayers wrote:
> On 15/03/16 14:22, Phil Mayers wrote:
>
>> Will try 3.0 HEAD.
>
> Bah. github being extremely extremely slow (50kB/s). Ran out of time
> today. Will have to revisit another time.
>

Finally. Good grief...

Valgrind reckons:

(10)       sql_groupcmp finished: User is NOT a member of group BANNED
==2930== Invalid read of size 8
==2930==    at 0x4C2B6D8: paircompare (pair.c:625)
==2930==    by 0x4C1CF76: cond_cmp_values (evaluate.c:315)
==2930==    by 0x4C1D7C4: cond_normalise_and_cmp (evaluate.c:585)
==2930==    by 0x4C1DC33: radius_evaluate_map (evaluate.c:654)
==2930==    by 0x4C1DE40: radius_evaluate_cond (evaluate.c:750)
==2930==    by 0x425D6B: modcall_recurse (modcall.c:479)
==2930==    by 0x427039: modcall_child (modcall.c:408)
==2930==    by 0x425DF4: modcall_recurse (modcall.c:785)
==2930==    by 0x427039: modcall_child (modcall.c:408)
==2930==    by 0x425DF4: modcall_recurse (modcall.c:785)
==2930==    by 0x426FD2: modcall (modcall.c:1130)
==2930==    by 0x420534: indexed_modcall (modules.c:1028)
==2930==  Address 0xa130458 is 88 bytes inside a block of size 160 free'd
==2930==    at 0x4A06430: free (vg_replace_malloc.c:446)
==2930==    by 0x3D36C02388: _talloc_free_internal (talloc.c:876)
==2930==    by 0x4E5637B: fr_pair_list_free (pair.c:134)
==2930==    by 0x4C1C7FF: radius_pairmove (evaluate.c:1055)
==2930==    by 0x850500D: sql_set_user (rlm_sql.c:502)
==2930==    by 0x8506876: sql_groupcmp (rlm_sql.c:600)
==2930==    by 0x4C2B62B: paircompare (pair.c:576)
==2930==    by 0x4C1CF76: cond_cmp_values (evaluate.c:315)
==2930==    by 0x4C1D7C4: cond_normalise_and_cmp (evaluate.c:585)
==2930==    by 0x4C1DC33: radius_evaluate_map (evaluate.c:654)
==2930==    by 0x4C1DE40: radius_evaluate_cond (evaluate.c:750)
==2930==    by 0x425D6B: modcall_recurse (modcall.c:479)

Looks like rlm_sql is doing something wrong, which is then messing up 
the packet for later code.


More information about the Freeradius-Devel mailing list