2.0.1 Segfault

Alan DeKok aland at deployingradius.com
Thu Jan 31 09:49:29 CET 2008


Michael J. Hartwick wrote:
> I know that this post may not contain all of the required information,
> this is just to get things going while I investigate further.

  From gdb:

> #0  0x40297d8f in memcpy () from /lib/libc.so.6
> #1  0x400289c1 in rad_attr2vp (packet=0x8177678, original=0x0,
> secret=0x8169168 "secret",
>     attribute=90, length=0, data=0x817887c

  'length' shouldn't be zero.  The VP shouldn't be created if 'length'
is zero.

> I have had a problem with FreeRADIUS segfaulting intermittently for a
> number of months which makes it hard to gather the required information.
> The only thing that I found in all cases was the numerous, empty
> Cisco-AVPair's in the packet. With it being a segfault I suspect
> accessing a null pointer somewhere.

  Can you find out what equipment is generating this nonsense, and file
a bug on bugs.freeradius.org with the make/model, etc?  That way other
people can avoid broken equipment.

> I *think* that the problem might be the length=0 in the call to
> rad_attr2vp(). If that is the case then something like:
> 
> if (length == 0) return NULL;
> 
> at line 1928 or so of radius.c might resolve the problem. Before I go
> ahead and make that addition, am I on the right page or way off in left
> field on this?

  You're right, but that change will cause the entire packet to be
discarded.  If you're Ok with that, fine.

  Otherwise, I've committed a patch to CVS head that should fix this.

  Alan DeKok.
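
The trade-off discussed above, as an added example (not FreeRADIUS code and not the patch committed to CVS): a stand-alone walker over RADIUS attribute triplets that skips an attribute whose value is empty instead of rejecting the whole packet, and never calls memcpy() with a zero or out-of-bounds length. `struct attr`, `decode_attrs` and `sample_attrs` are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical decoded attribute; not FreeRADIUS's VALUE_PAIR. */
struct attr {
    uint8_t type;
    uint8_t len;            /* value length, 1..253 */
    uint8_t value[253];
};

/* Constructed sample: User-Name "bob", attribute 90 with an empty value,
 * NAS-IP-Address 192.0.2.1. The length octet includes the 2-byte header. */
const uint8_t sample_attrs[] = {
    1, 5, 'b', 'o', 'b',
    90, 2,
    4, 6, 192, 0, 2, 1
};

/*
 * Decode the attribute area of a packet. Returns the number of attributes
 * stored in out[], or -1 if the area is malformed (whole packet rejected).
 * Empty-valued attributes are counted in *skipped and produce no entry.
 */
int decode_attrs(const uint8_t *buf, size_t buflen,
                 struct attr *out, int max_out, int *skipped)
{
    size_t off = 0;
    int n = 0;

    *skipped = 0;
    while (off < buflen) {
        if (buflen - off < 2) return -1;            /* truncated header */
        uint8_t type = buf[off];
        uint8_t alen = buf[off + 1];
        if (alen < 2 || alen > buflen - off) return -1; /* bad length octet */

        size_t vlen = (size_t)alen - 2;
        if (vlen == 0) {
            (*skipped)++;                           /* drop attribute only */
        } else {
            if (n >= max_out) return -1;
            out[n].type = type;
            out[n].len = (uint8_t)vlen;
            memcpy(out[n].value, buf + off + 2, vlen);
            n++;
        }
        off += alen;
    }
    return n;
}
```

Logging the `skipped` count together with the NAS address is one way to identify the equipment that sends the empty attributes.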


