Segmentation fault with LDAP authentication and rate control?

ST Wong (ITSC) ST at itsc.cuhk.edu.hk
Wed Oct 30 02:38:48 CET 2013 

>  TLS_DEFAULT_VERIFY is a static string. int->tls_require_cert is initialized when the module loads, and s never changed.
>
>  The issue is some kind of memory corruption.  i.e. it's not this line, it's elsewhere.

Right.  It's strange that inst->tls_require_cert becomes null (or undefined) in the middle (yes, due to memory corruption and caused segmentation fault).
Any hint on how to locate the line(s) that cause the problem?  I'm playing with valgrind but not sure if it's the way to go.   Thanks.

/ST

-----Original Message-----
From: freeradius-users-bounces+st=itsc.cuhk.edu.hk at lists.freeradius.org [mailto:freeradius-users-bounces+st=itsc.cuhk.edu.hk at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, October 29, 2013 9:58 PM
To: FreeRadius users mailing list
Subject: Re: Segmentation fault with LDAP authentication and rate control?

ST Wong (ITSC) wrote:
> We’re using 2.2.0 on RHEL 6.2 using LDAPS as authentication backend. 
> The servers are running well over 2 years until recently.  The server 
> fails with SIGSEGV or SIGABRT whenever there is ‘burst’ of
> authentication requests, say over 100 requests in the same second.   In
> the SIGSEGV case, coredump shows:
...
> 2410            if (strcmp(TLS_DEFAULT_VERIFY, inst->tls_require_cert )
> != 0 ) {

  TLS_DEFAULT_VERIFY is a static string. int->tls_require_cert is initialized when the module loads, and s never changed.

  The issue is some kind of memory corruption.  i.e. it's not this line, it's elsewhere.

> Besides, as we must use LDAP for authentication backend which maybe a 
> bottleneck, is it feasible to have kind of QoS/rate control for 
> incoming authentication requests, and/or some LDAP authentication result
> caching?    Sorry for the naïve questions.   Thanks again.

  You can't do LDAP result caching, sorry.  There's also no ability to do rate control on incoming authentication.

  You may try the v2.x.x branch from git.  It may have fixes which solve this issue.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list