FreeRADIUS 3.0: Segfault in rlm_detail

Julius Plenz plenz at cis.fu-berlin.de
Tue Mar 4 14:56:30 CET 2014


Hi,

I'm trying to upgrade my config to FreeRADIUS 3.0, but I get
reproducable segfaults in the `rlm_detail' module. I send a simple
packet (User-Name, User-Password) via `radclient', and the server
immediately crashes:

    $ bin/radiusd -xx -f -l /dev/stderr -t
    ...
    (0) auth_log :  expand: "/server/devel/server/log/client/%{Client-IP-Address}/auth-%Y%m%d" -> '/server/devel/server/log/client/XXX.XXX.XX.XX/auth-20140304'
    (0) auth_log : /server/devel/server/log/client/%{Client-IP-Address}/auth-%Y%m%d expands to /server/devel/server/log/client/XXX.XXX.XX.XX/auth-20140304
    (0) auth_log : Acquired filelock, tried 1 time(s)
    (0) auth_log :  expand: "%S" -> '2014-03-04 14:41:14'
    Bad talloc magic value - unknown value 
    [Backtrace follows]

The auth_log is defined in the detail module config:

    $ cat etc/mods-enabled/detail
    ...
    detail auth_log {
        filename = ${radacctdir}/%{Client-IP-Address}/auth-%Y%m%d
        permissions = 0600
        dir_permissions = 0700
        locking = yes
        header = "%S"
        log_packet_header = yes
        suppress {
            User-Password
        }
    }
    ...


Interesting part of GDB backtrace:

#0  0x00007ffff5d891b5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff5d8bfc0 in *__GI_abort () at abort.c:92
#2  0x00007ffff71380bc in ?? () from /usr/lib/libtalloc.so.2
#3  0x00007ffff7138221 in talloc_get_name () from /usr/lib/libtalloc.so.2
#4  0x00007ffff713b56b in _talloc_get_type_abort () from /usr/lib/libtalloc.so.2
#5  0x00007ffff79913b8 in vp_prints (out=0x7fffffffa751 "", outlen=1023, vp=0x7fffffffac20) at src/lib/print.c:868
#6  0x00007ffff799154a in vp_print (fp=0xd31870, vp=0x7fffffffac20) at src/lib/print.c:908
#7  0x00007ffff3523e7e in detail_write (out=0xd31870, inst=0xd16a50, request=0xd31060, packet=0xd30ee0, compat=false)
    at src/modules/rlm_detail/rlm_detail.c:249
#8  0x00007ffff35248c3 in detail_do (instance=0xd16a50, request=0xd31060, packet=0xd30ee0, compat=false)
    at src/modules/rlm_detail/rlm_detail.c:484
#9  0x00007ffff3524a5a in mod_authorize (instance=0xd16a50, request=0xd31060) at src/modules/rlm_detail/rlm_detail.c:533
#10 0x0000000000423915 in call_modsingle (component=RLM_COMPONENT_AUTZ, sp=0xd18bb0, request=0xd31060) at src/main/modcall.c:311
...

The file /server/devel/server/log/client/XXX.XXX.XX.XX/auth-20140304
is actually being created, but contains only this:

    2014-03-04 14:41:14
            Packet-Type = Access-Request

So presumably FreeRADIUS crashes while trying to print out the
Packet-Src-IP-Address...?

Thanks in advance,

Julius


P.S.: I'm using the v3.0.x branch from a few days ago, namely
80eee20b9. Compiling against the tip of v3.0.x, eb3bfda, is not
possible any more:

$ make
CC src/lib/cbuff.c
In file included from <command-line>:0:
/server/devel/src/freeradius/src/freeradius-devel/build.h:84:6: error: #error Failed determining endianness of system
make: *** [build/objs/src/lib/cbuff.lo] Error 1


More information about the Freeradius-Users mailing list