FR 2.1.x git + SoH: ASSERT FAILED xlat.c[1048]: outlen > 0
Hi All, Sorry for the sketchy details.... We got an ASSERT FAILED xlat.c[1048]: outlen > 0 with a PEAP user. The bit of the -X I have is as below, and the soh virtual server config is attached. I have no further details at the moment because the client has gone away (and I've disabled SoH in the EAP module config in case they come back and knock it over again while I'm away). The same set-up has been fine with many other SoH clients previously. Can anyone point me in the right direction? ....The only think that came to mind was the packet getting a bit big with all those attributes? Thanks, James ++++[updated] returns updated +++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preceding "if" was taken ++- policy create.uob-stripped-mac returns updated SoH-Supported = yes SoH-MS-Machine-OS-vendor = Microsoft SoH-MS-Machine-OS-version = 6 SoH-MS-Machine-OS-release = 0 SoH-MS-Machine-OS-build = 6000 SoH-MS-Machine-SP-version = 0 SoH-MS-Machine-SP-release = 0 SoH-MS-Machine-Processor = x86 SoH-MS-Machine-Name = "AlexanderPC" SoH-MS-Correlation-Id = 0x81aa82cd69f946f2bae142fd0fbfcc3e01cc09847027078c SoH-MS-Machine-Role = client SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=1 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=0 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=1 up2date=0 enabled=0" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=0 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "auto-updates ok action=install by-policy=1" SoH-MS-Windows-Health-Status = "security-updates error no-wsus-srv" FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "abcdef@bris.ac.uk" Calling-Station-Id = "00:1b:77:xx:xx:xx" Called-Station-Id = "00:3a:98:9d:17:30:eduroam" NAS-Port = 29 NAS-IP-Address = 172.17.107.207 NAS-Identifier = "wism7" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "448" ASSERT FAILED xlat.c[1048]: outlen > 0 -- James J J Hooper Network Specialist, University of Bristol http://www.wireless.bristol.ac.uk -- Config bits: server eduroamlocal-soh { authorize { if (SoH-Supported == no) { update config { Auth-Type = Accept } } else { detail-bsql update config { Auth-Type = Accept } detail detail-bsql { detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}-bsql/detail-bsql.log detailperm = 0600 header = "%t" }
On 04/05/11 10:42, James J J Hooper wrote:
Hi All,
Sorry for the sketchy details....
We got an ASSERT FAILED xlat.c[1048]: outlen > 0 with a PEAP user. The bit of the -X I have is as below, and the soh virtual server config is attached. I have no further details at the moment because the client has gone away (and I've disabled SoH in the EAP module config in case they come back and knock it over again while I'm away).
The same set-up has been fine with many other SoH clients previously.
Can anyone point me in the right direction? ....The only think that came to mind was the packet getting a bit big with all those attributes?
Thanks, James
++++[updated] returns updated +++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preceding "if" was taken ++- policy create.uob-stripped-mac returns updated
Is that all? It jumps straight from the above to dumping the SoH packet?
SoH-Supported = yes SoH-MS-Machine-OS-vendor = Microsoft SoH-MS-Machine-OS-version = 6 SoH-MS-Machine-OS-release = 0 SoH-MS-Machine-OS-build = 6000 SoH-MS-Machine-SP-version = 0 SoH-MS-Machine-SP-release = 0 SoH-MS-Machine-Processor = x86 SoH-MS-Machine-Name = "AlexanderPC" SoH-MS-Correlation-Id = 0x81aa82cd69f946f2bae142fd0fbfcc3e01cc09847027078c SoH-MS-Machine-Role = client SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=1 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0
Ok, something has gone wildly wrong there.... Unless they really do have 3 firewall, 7 AV and 8 anti-spyware products installed!
up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=0 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=1 up2date=0 enabled=0" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=0 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "auto-updates ok action=install by-policy=1" SoH-MS-Windows-Health-Status = "security-updates error no-wsus-srv" FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "abcdef@bris.ac.uk" Calling-Station-Id = "00:1b:77:xx:xx:xx" Called-Station-Id = "00:3a:98:9d:17:30:eduroam" NAS-Port = 29 NAS-IP-Address = 172.17.107.207 NAS-Identifier = "wism7" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "448" ASSERT FAILED xlat.c[1048]: outlen > 0
Config bits:
server eduroamlocal-soh {
authorize { if (SoH-Supported == no) { update config { Auth-Type = Accept } } else { detail-bsql
What's the config for this module?
update config { Auth-Type = Accept }
detail detail-bsql { detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}-bsql/detail-bsql.log
detailperm = 0600 header = "%t" }
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 04/05/2011 11:24, Phil Mayers wrote:
On 04/05/11 10:42, James J J Hooper wrote:
++++[updated] returns updated +++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preceding "if" was taken ++- policy create.uob-stripped-mac returns updated
Is that all? It jumps straight from the above to dumping the SoH packet?
Yes
SoH-Supported = yes SoH-MS-Machine-OS-vendor = Microsoft SoH-MS-Machine-OS-version = 6 SoH-MS-Machine-OS-release = 0 SoH-MS-Machine-OS-build = 6000 SoH-MS-Machine-SP-version = 0 SoH-MS-Machine-SP-release = 0 SoH-MS-Machine-Processor = x86 SoH-MS-Machine-Name = "AlexanderPC" SoH-MS-Correlation-Id = 0x81aa82cd69f946f2bae142fd0fbfcc3e01cc09847027078c SoH-MS-Machine-Role = client SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "firewall ok snoozed=0 microsoft=1 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0
Ok, something has gone wildly wrong there.... Unless they really do have 3 firewall, 7 AV and 8 anti-spyware products installed!
Indeed - We all know how messed up clients can get, so this one is probably due for some TLC (if I can get them to come in).
up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=0 enabled=1" SoH-MS-Windows-Health-Status = "antivirus ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=0" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=1 up2date=0 enabled=0" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=0 enabled=1" SoH-MS-Windows-Health-Status = "antispyware ok snoozed=0 microsoft=0 up2date=1 enabled=1" SoH-MS-Windows-Health-Status = "auto-updates ok action=install by-policy=1" SoH-MS-Windows-Health-Status = "security-updates error no-wsus-srv" FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "abcdef@bris.ac.uk" Calling-Station-Id = "00:1b:77:xx:xx:xx" Called-Station-Id = "00:3a:98:9d:17:30:eduroam" NAS-Port = 29 NAS-IP-Address = 172.17.107.207 NAS-Identifier = "wism7" Airespace-Wlan-Id = 3 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "448" ASSERT FAILED xlat.c[1048]: outlen > 0
Config bits:
server eduroamlocal-soh {
authorize { if (SoH-Supported == no) { update config { Auth-Type = Accept } } else { detail-bsql
What's the config for this module?
As below i.e. a plain old detail module
update config { Auth-Type = Accept }
detail detail-bsql { detailfile = ${radacctdir}/%{%{Virtual-Server}:-UNKNOWN}-bsql/detail-bsql.log
detailperm = 0600 header = "%t" }
-James
I've committed a fix which changes the assert to a run-time check. It won't correct the underlying issue, but it will keep the server running. Alan DeKok.
On 06/05/11 10:17, Alan DeKok wrote:
I've committed a fix which changes the assert to a run-time check.
It won't correct the underlying issue, but it will keep the server running.
Could you spot any code path which can lead to length < 0? I looked and couldn't see how it was possible.
On 04/05/11 10:42, James J J Hooper wrote:
Hi All,
Sorry for the sketchy details....
We got an ASSERT FAILED xlat.c[1048]: outlen > 0 with a PEAP user. The bit of the -X I have is as below, and the soh virtual server config is attached. I have no further details at the moment because the client has gone away (and I've disabled SoH in the EAP module config in case they come back and knock it over again while I'm away).
The same set-up has been fine with many other SoH clients previously.
Can anyone point me in the right direction? ....The only think that came to mind was the packet getting a bit big with all those attributes?
From what I can tell, that's a pretty hard error condition to produce. xlat.c:1048 is inside xlat_copy, which is the default "escaping" function when radius_xlat is called with a NULL final argument. The assert means that there was no room left in the output buffer, but the very first check inside the while() loop in radius_xlat is: while (*p) { /* Calculate freespace in output */ freespace = outlen - (q - out); if (freespace <= 1) break; A quick look at the code gives me the impression it should be pretty hard to trigger this error condition; I can't see how freespace < 1 ever allows xlat_copy to be called.
Thanks, James
++++[updated] returns updated +++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preceding "if" was taken ++- policy create.uob-stripped-mac returns updated
The above policy: where is that? It's clearly not in your SoH virtual server - is this the inner-tunnel stuff? Can we see the config? I suspect something in the SoH is triggering this when it dumps the AVPs.
On 04/05/2011 11:37, Phil Mayers wrote:
On 04/05/11 10:42, James J J Hooper wrote:
Hi All,
Sorry for the sketchy details....
We got an ASSERT FAILED xlat.c[1048]: outlen > 0 with a PEAP user. The bit of the -X I have is as below, and the soh virtual server config is attached. I have no further details at the moment because the client has gone away (and I've disabled SoH in the EAP module config in case they come back and knock it over again while I'm away).
The same set-up has been fine with many other SoH clients previously.
Can anyone point me in the right direction? ....The only think that came to mind was the packet getting a bit big with all those attributes?
From what I can tell, that's a pretty hard error condition to produce. xlat.c:1048 is inside xlat_copy, which is the default "escaping" function when radius_xlat is called with a NULL final argument.
The assert means that there was no room left in the output buffer, but the very first check inside the while() loop in radius_xlat is:
while (*p) { /* Calculate freespace in output */ freespace = outlen - (q - out); if (freespace <= 1) break;
A quick look at the code gives me the impression it should be pretty hard to trigger this error condition; I can't see how freespace < 1 ever allows xlat_copy to be called.
++++[updated] returns updated +++- if ((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) returns updated +++ ... skipping else for request 750: Preceding "if" was taken ++- policy create.uob-stripped-mac returns updated
The above policy: where is that? It's clearly not in your SoH virtual server - is this the inner-tunnel stuff? Can we see the config? I suspect something in the SoH is triggering this when it dumps the AVPs.
Both inner and outer configs start: -- server eduroamlocal-inner { authorize { create.uob-stripped-mac preprocess -- server eduroamlocal { authorize { create.uob-stripped-mac preprocess -- where create.uob-stripped-mac is: -- create.uob-stripped-mac { if((Calling-Station-Id) && "%{Calling-Station-Id}" =~ /^%{config:policy.mac-addr}$/i) { update request { UOB-Stripped-MAC := "%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}" } updated } else { noop } } -- -James
participants (3)
-
Alan DeKok -
James J J Hooper -
Phil Mayers