Crash due to fr_packet_cmp
Alan DeKok
aland at deployingradius.com
Wed Nov 18 11:31:24 CET 2009
fabiana marvani wrote:
> Why is there not a protection for "null pointer" to avoid this kind of
> problem?
Because the design of the server means that this crash *should* be
impossible.
The request packet has been placed in a hash table. The crash comes
because the request data structure is still in the hash, but the request
packet has been freed. This should *not* happen.
And reading src/main/event.c, there are only 3-4 locations in the code
that read/write "request->packet". i.e. it FIRST removes the request
from the hash, and THEN frees the packet. It's always in this order,
and always done in the main thread.
So I have no idea why this is happening...
Alan DeKok.
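
An added illustration of the ordering described in the message above (not FreeRADIUS code and not part of the original post): a toy request table whose lookup dereferences the request's packet, a release routine that unlinks before freeing, and an audit that counts entries left behind without a packet. All type and function names here are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for illustration; not FreeRADIUS types. */
#define SLOTS 8
typedef struct { int id; unsigned char vector[16]; } packet_t;
typedef struct { packet_t *packet; } request_t;
static request_t *table[SLOTS];
/* Lookup comparison dereferences both packets without a NULL check,
 * so every request still in the table must own a live packet. */
static int packet_cmp(const packet_t *a, const packet_t *b) {
    if (a->id != b->id) return a->id < b->id ? -1 : 1;
    return memcmp(a->vector, b->vector, sizeof(a->vector));
}
static int table_insert(request_t *r) {
    if (!r || !r->packet) return 0;   /* never store a packet-less request */
    for (int i = 0; i < SLOTS; i++)
        if (!table[i]) { table[i] = r; return 1; }
    return 0;                         /* table full */
}
static void table_remove(request_t *r) {
    for (int i = 0; i < SLOTS; i++)
        if (table[i] == r) table[i] = NULL;
}
static request_t *table_find(const packet_t *key) {
    for (int i = 0; i < SLOTS; i++)
        if (table[i] && packet_cmp(table[i]->packet, key) == 0) return table[i];
    return NULL;
}
/* Teardown in the order the message describes: unlink FIRST, THEN free. */
static void request_release(request_t *r) {
    table_remove(r);
    free(r->packet);
    r->packet = NULL;
}
/* Debug audit: count entries still in the table after their packet was released. */
static int table_audit(void) {
    int bad = 0;
    for (int i = 0; i < SLOTS; i++)
        if (table[i] && !table[i]->packet) bad++;
    return bad;
}
int main(void) {
    request_t r = { calloc(1, sizeof(packet_t)) };
    table_insert(&r);
    request_release(&r);
    printf("invariant violations: %d\n", table_audit());
    return 0;
}
```

The audit only catches packets that were set to NULL on release; a pointer that was freed but left dangling needs a tool such as AddressSanitizer or Valgrind to surface.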