Exec problems in FR3.0

Alan DeKok aland at deployingradius.com
Thu Jun 13 18:57:19 CEST 2013


Phil Mayers wrote:
> Confirmed. Looks like a bug has crept into the exec code in HEAD:
> 
> 28619 execve(0x6461202e2e2e2000, [0x6461202e2e2e2000,
> 0x77656e20676e6964, 0x2074656b636f7320, 0x7325, 0x612064656c696146,
> 0x727020676e696464, 0x6b636f732079786f,
>  0x7325203a7465, 0x612064656c696146, 0x766520676e696464,
> 0x646e616820746e65, 0x20726f662072656c, 0x2174656b636f73,
> 0x7265206c61746146, 0x6565726620726f72, 0x636f
> 7320676e697a, ...], [/* 2 vars */]) = -1 EFAULT (Bad address)
> 28619 write(1, "\33[1m\33[33m(0) WARNING: myexec : F"..., 91) = 91
> 
> Will investigate.

  It may be related to the use of argv in exec.c.  Coverity says:

107
   	
CID 1020962 (#1 of 1): Uninitialized scalar variable (UNINIT)
2. uninit_use_in_call: Using uninitialized element of array "argv" when
calling "memcpy(void * restrict, void const * restrict, size_t)".
108        memcpy(&argv_p, &argv, sizeof(argv_p));
109

  So that's probably it.  I haven't had a chance to look into it yet.

  Alan DeKok.


More information about the Freeradius-Users mailing list