Freeradius 3.0.10 sigsegv

Luca Palazzo luca.palazzo at unict.it
Tue Jan 12 17:29:32 CET 2016 

Alan,
I tried a lot of things in these days.
The crash has something to do with the sql-group.
No using it, it does not crash.
It seem to crash when SQL-Group attribute is null, when a user is not 
found in usergroup table.
Can you look deeper in it?
BTW: I tried to do the same filter using huntgroup, but I must have 
missed something, because it does not work.

My huntgorup is this:

eduroam		Called-Station-Id =~ ".*:eduroam$"
eduroam		Airespace-Wlan-Id == 3
		SQL-Group == wireless

So no other people than those one in wireless group should be able to 
use eduroam. But this does not work

Luca


Il 06/01/16 22:53, Alan DeKok ha scritto:
> On Jan 6, 2016, at 4:46 PM, Luca Palazzo <luca.palazzo at unict.it> wrote:
>>
>> I've just commented it but i got same sigsegv:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00007ffff7bc77a0 in paircompare (request=request at entry=0x950d60, req_list=0x951010, check=check at entry=0x952b00, rep_list=rep_list at entry=0x0) at src/main/pair.c:536
>> 536                                     if ((auth_item->da == from) || (!from)) {
>> (gdb) p from
>> $1 = (const DICT_ATTR *) 0x68ff50
>> (gdb) p auth_item
>> $2 = (VALUE_PAIR *) 0x2e696d696c6f7040
>> (gdb) p auth_item->da
>> Cannot access memory at address 0x2e696d696c6f7040
>
>    That's a garbage value.  The server is accessing an attribute which was deleted.
>
>> (gdb)
>>
>> Only this part remains:
>>
>> if (EAP-Message) {
>>                  if ( Called-Station-ID =~ /.*:eduroam$/ )
>>
>>                          if ( SQL-Group == studente ) {
>>                                 reject
>>                                 update reply {
>>                                         Reply-Message = "Eduroam access for students allowed only if you are outside UniCT campus"
>>                                 }
>
>    The "update reply" will never get used.  As soon as the server sees the "reject", the packets will be rejected.
>
>    So swap the order or "reject" and "update reply".  I don't think it will help, though.
>
>    Ad what packet makes it SEGV?  You have the code checking for multiple things.  Does it SEGV for *all* of them?  Or just one?  If it's just one, can you delete the *other* checks and still have it SEGV?
>
>    It would help a LOT to have a simple configuration which I can use here.  Right now, your configuration depends on local SQL-Groups, and other things (EAP config, SQL server), which I don't have access to.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list