Michael J. Hartwick wrote:
I know that this post may not contain all of the required information, this is just to get things going while I investigate further.
From gdb:
#0 0x40297d8f in memcpy () from /lib/libc.so.6 #1 0x400289c1 in rad_attr2vp (packet=0x8177678, original=0x0, secret=0x8169168 "secret", attribute=90, length=0, data=0x817887c
'length' shouldn't be zero. The VP shouldn't be created if 'length' is zero.
I have had a problem with FreeRADIUS segfaulting intermittently for a number of months which makes it hard to gather the required information. The only thing that I found in all cases was the numerous, empty Cisco-AVPair's in the packet. With it being a segfault I suspect accessing a null pointer somewhere.
Can you find out what equipment is generating this nonsense, and file a bug on bugs.freeradius.org with the make/model, etc? That way other people can avoid broken equipment.
I *think* that the problem might be the length=0 in the call to rad_attr2vp(). If that is the case then something like:
if (length = 0) return NULL;
at line 1928 or so of radius.c might resolve the problem. Before I go ahead and make that addition, am I on the right page or way off in left field on this?
You're right, but that change will cause the entire packet to be discarded. If you're Ok with that, fine. Otherwise, I've committed a patch to CVS head that should fix this. Alan DeKok.