Segmentation fault in "rlm_pap"

Urban Loesch bind at enas.net
Thu Aug 9 15:34:41 CEST 2012


Hi,

I'm new to the list. I'm currently migrating from "Radiator" to Freeradius with MySQL Database Backend for Authentication
and Accounting. User-passwords are stored in mysql db with SMD5.

I have installed latest freeradius from debian "squeeze" repositories:

ii  freeradius                      2.1.10+dfsg-2                a high-performance and highly configurable RADIUS server
ii  freeradius-common               2.1.10+dfsg-2                FreeRADIUS common files
ii  freeradius-dbg                  2.1.10+dfsg-2                debug symbols for the FreeRADIUS packages
ii  freeradius-mysql                2.1.10+dfsg-2                MySQL module for FreeRADIUS server
ii  freeradius-utils                2.1.10+dfsg-2                FreeRADIUS client utilities
ii  libfreeradius2                  2.1.10+dfsg-2                FreeRADIUS shared library

If I start freeradius in daemon mode it runs without any problems.
After some hours freeradius segfaults without any visible reason. Until this time users can authenticate
without problems. No error messages in the logfile.

So I tried to run freeradius in debug mode with -X and when it craches i get the following after some hours:

...
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SMD5-Password from base64 encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "232nr4Cs"
[pap] Using SMD5 encryption.
[pap] Normalizing SMD5-Password from base64 encoding
Segmentation fault

The Kernel logs the message:
kernel: [10466122.427567] freeradius[20622]: segfault at 7f2ed32e1000 ip 00007f2ed8cbaa4b sp 00007f2ed32debd8 error 4 in 
libc-2.11.3.so[7f2ed8c3b000+159000]


After the crash above I tried to run freeradius with gdb. When it crashes I got the following in gdb shell:

...
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing SMD5-Password from base64 encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "232nr4Cs"
[pap] Using SMD5 encryption.
[pap] Normalizing SMD5-Password from base64 encoding

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6859a4b in memcpy () from /lib/libc.so.6

(gdb) bt
#0  0x00007ffff6859a4b in memcpy () from /lib/libc.so.6
#1  0x00007ffff5392572 in normify (request=0x8d2920, vp=0x8d3100, min_length=16) at rlm_pap.c:272
#2  0x00007ffff5392f7e in pap_authenticate (instance=<value optimized out>, request=0x8d2920) at rlm_pap.c:655
#3  0x000000000041b6e3 in call_modsingle (component=<value optimized out>, c=<value optimized out>, request=0x8d2920) at modcall.c:297
#4  modcall (component=<value optimized out>, c=<value optimized out>, request=0x8d2920) at modcall.c:670
#5  0x000000000078ac50 in ?? ()
#6  0x00000000000002cc in ?? ()
#7  0x00000000f7bd7a3a in ?? ()
#8  0x00007fffffffd720 in ?? ()
#9  0x0000000000000000 in ?? ()



Other installed packages:
ii  libc6                           2.11.3-3                     Embedded GNU C Library: Shared libraries
ii  libmysqlclient16                5.1.58-1                     MySQL database client library

I also tried to compile freeradius version 2.1.12 from latest git, but it's always the same.
After some hours it crashes  too.

Have you any idea what could cause this strange crashes?

If you need any further info please let me know.

Many thanks and regards
Urban

Base-Config:
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
	type = auth
	ipaddr = *
	port = 0
}
listen {
	ipaddr = *
	port = 0
	type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions	= yes
extended_expressions	= yes
log {
	destination = files
	file = ${logdir}/radius.log
	syslog_facility = daemon
	stripped_names = no
	auth = yes
	auth_badpass = yes
	auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
	max_attributes = 200
	reject_delay = 1
	status_server = yes
}
proxy_requests  = no
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}
modules {
	$INCLUDE ${confdir}/modules/
	$INCLUDE eap.conf
	$INCLUDE sql.conf
	$INCLUDE sqlippool.conf
}
instantiate {
	exec
	expr
	expiration
	logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

...
Only Default Enabled:
authorize {
	preprocess
	auth_log
	chap
	mschap
	digest
	suffix
	eap {
		ok = return
	}
	files
	sql
	expiration
	logintime
	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	digest
	unix
	eap
}
preacct {
	preprocess
	acct_unique
	suffix
	files
}
accounting {
	detail
	sql
	if (noop) {
		ok
	}
	exec
	attr_filter.accounting_response
}
session {
	sql
}
post-auth {
	exec
	Post-Auth-Type REJECT {
		sql
		attr_filter.access_reject
	}
}
pre-proxy {
}
post-proxy {
	eap
}




More information about the Freeradius-Users mailing list