SV: Re: Freeradius stops authenticating
I recompiled freeradius with the patch, but the problem didn't go away.. I have 2 new outputs from valgrind and a stacktrace from gbd, but I don't want to send attachments to the list. Here's some lines from the output's.. Run 1: Valgrind # valgrind --tool=memcheck --verbose --log-file=/root/val071105 radiusd -yf --- ==32260== Thread 8: ==32260== Invalid write of size 4 ==32260== at 0x7D64E8: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==32260== by 0x1BB78CB2: ??? (rlm_passwd.c:308) ==32260== by 0xFC53: modcall (modcall.c:219) ==32260== by 0xFEE0: modcall (modcall.c:252) ==32260== Address 0x1BB57078 is 0 bytes inside a block of size 352 free'd ==32260== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==32260== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==32260== by 0x1BB77DFA: ??? (rlm_passwd.c:285) ==32260== by 0x1BB78C12: ??? (rlm_passwd.c:545) ==32260== ==32260== Thread 8: ==32260== Invalid free() / delete / delete[] ==32260== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==32260== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==32260== by 0x1BB78CB2: ??? (rlm_passwd.c:308) ==32260== by 0xFC53: modcall (modcall.c:219) ==32260== Address 0x1BB57078 is 0 bytes inside a block of size 352 free'd ==32260== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==32260== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==32260== by 0x1BB77DFA: ??? (rlm_passwd.c:285) ==32260== by 0x1BB78C12: ??? (rlm_passwd.c:545) Run 2: Valgrind # valgrind --tool=memcheck --verbose --log-file=/root/val071105 radiusd -yf ----- ==9390== Thread 8: ==9390== Invalid write of size 4 ==9390== at 0x7D64E8: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==9390== by 0x1BB78CB2: ??? (rlm_passwd.c:308) ==9390== by 0xFC53: modcall (modcall.c:219) ==9390== by 0xFEE0: modcall (modcall.c:252) ==9390== Address 0x1BB371C8 is 0 bytes inside a block of size 352 free'd ==9390== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==9390== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==9390== by 0x1BB77DFA: ??? (rlm_passwd.c:285) ==9390== by 0x1BB78CA3: ??? (rlm_passwd.c:309) ==9390== ==9390== Thread 8: ==9390== Invalid free() / delete / delete[] ==9390== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==9390== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==9390== by 0x1BB78CB2: ??? (rlm_passwd.c:308) ==9390== by 0xFC53: modcall (modcall.c:219) ==9390== Address 0x1BB371C8 is 0 bytes inside a block of size 352 free'd ==9390== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==9390== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==9390== by 0x1BB77DFA: ??? (rlm_passwd.c:285) ==9390== by 0x1BB78CA3: ??? (rlm_passwd.c:309) ==9390== ==9390== Thread 9: ==9390== Invalid read of size 1 ==9390== at 0x7D6BFA: _IO_fgets (in /lib/tls/libc-2.3.4.so) ==9390== by 0x1BB77DA0: ??? (rlm_passwd.c:275) ==9390== by 0x1BB78C12: ??? (rlm_passwd.c:545) ==9390== by 0xFC53: modcall (modcall.c:219) ==9390== Address 0x1BB68F31 is 1 bytes inside a block of size 352 free'd ==9390== at 0x1B904EA5: free (vg_replace_malloc.c:153) ==9390== by 0x7D64F5: _IO_fclose@@GLIBC_2.1 (in /lib/tls/libc-2.3.4.so) ==9390== by 0x1BB78CB2: ??? (rlm_passwd.c:308) ==9390== by 0xFC53: modcall (modcall.c:219) Run 3: gdb # radiusd -yf Mon Nov 7 13:02:31 2005 : Info: Starting - reading configuration files ... *** glibc detected *** malloc(): memory corruption: 0xae8012dd *** Aborted (core dumped) # date man nov 7 14:19:20 CET 2005 # gdb radiusd core.19991 (gdb) bt #0 0x00bbb7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x003127d5 in raise () from /lib/tls/libc.so.6 #2 0x00314149 in abort () from /lib/tls/libc.so.6 #3 0x0034640a in __libc_message () from /lib/tls/libc.so.6 #4 0x0034d51c in _int_malloc () from /lib/tls/libc.so.6 #5 0x0034ef81 in malloc () from /lib/tls/libc.so.6 #6 0x0011915b in pairmake (attribute=0x947af33 "LM-Password", value=0x947ab03 "", operator=11) at valuepair.c:1041 #7 0x00e09981 in addresult (inst=0x947a9e8, vp=0x947d954, pw=0x947aac8, when=0 '\0', listname=0xe09e76 "config_items") at rlm_passwd.c:504 #8 0x00e09bbc in passwd_authorize (instance=0x947a9e8, request=0x947d940) at rlm_passwd.c:542 #9 0x001f2c54 in modcall (component=1, c=0x9479b18, request=0x947d940) at modcall.c:219 #10 0x001f2ee1 in modcall (component=1, c=0x93fb260, request=0x947d940) at modcall.c:252 #11 0x001f2126 in indexed_modcall (comp=1, idx=6, request=0x0) at modules.c:473 #12 0x001eeef3 in rad_authenticate (request=0x947d940) at auth.c:592 #13 0x001e804c in rad_respond (request=0x947d940, fun=0x1eee57 <rad_authenticate>) at radiusd.c:1642 #14 0x001f5481 in request_handler_thread (arg=0x947d378) at threads.c:517 #15 0x006c5341 in start_thread () from /lib/tls/libpthread.so.0 #16 0x003b26fe in clone () from /lib/tls/libc.so.6 (gdb) My rlm_passwd.c (after applying patch): Line: 279 - 289 if(!strcmp(list, name)) return passwd; } } } } fclose(ht->fp); ht->fp = NULL; return NULL; #undef passwd } Line:301 - 311 if (!strcmp(hashentry->field[ht->keyfield], name)){ /* save address of next item to check into buffer */ ht->last_found=hashentry->next; return hashentry; } return NULL; } if (ht->fp) fclose(ht->fp); if (!(ht->fp=fopen(ht->filename, "r"))) return NULL; return get_next(name, ht); } Line: 540 - 550 } do { addresult(inst, &request->config_items, pw, 0, "config_items"); addresult(inst, &request->reply->vps, pw, 1, "reply_items"); addresult(inst, &request->packet->vps, pw, 2, "request_items"); } while ( (pw = get_next(name, inst->ht)) ); found++; if (!inst->allowmultiple) break; } if(!found) { return RLM_MODULE_NOTFOUND; Please send me an email if you can help me, and I will send the complete outputs. Svein Hansen
nbk@sitadelle.com 27.10.2005 12:34:41 >>> Svein Hansen wrote:
I suspected that there had to be a module in freeradius that makes glibc fault, so I tried to run freeradius in Valgrind:
Thanks, the output of Valgrind is very useful.
I'm not a programmer, but can it be that radius tries a double-close or a double-free?
Indeed, it looks like a file stream is closed more than once. Please try to apply these changes to src/modules/rlm_passwd/rlm_passwd.c then recompile FreeRADIUS and test again. Index: src/modules/rlm_passwd/rlm_passwd.c =================================================================== RCS file: /source/radiusd/src/modules/rlm_passwd/rlm_passwd.c,v retrieving revision 1.13.2.3 diff -u -r1.13.2.3 rlm_passwd.c --- src/modules/rlm_passwd/rlm_passwd.c 19 Dec 2004 20:06:30 -0000 1.13.2.3 +++ src/modules/rlm_passwd/rlm_passwd.c 27 Oct 2005 10:23:00 -0000 @@ -136,8 +136,15 @@ for (i=0; i<ht->tablesize; i++) if (ht->table[i]) destroy_password(ht->table[i]); - if (ht->table) free(ht->table); - if (ht->fp) fclose(ht->fp); + if (ht->table) { + free(ht->table); + ht->table = NULL: + } + if (ht->fp) { + fclose(ht->fp); + ht->fp = NULL; + } + ht->tablesize = 0; } static void release_ht(struct hashtable * ht){ @@ -194,7 +201,6 @@ if(*buffer && *buffer!='\n' && (!ignorenis || (*buffer != '+' && *buffer != '-')) ){ if(!(hashentry = mypasswd_malloc(buffer, nfields, &len))){ release_hash_table(ht); - ht->tablesize = 0; return ht; } len = string_to_entry(buffer, nfields, *ht->delimiter, hashentry, len); @@ -219,7 +225,6 @@ else nextlist = 0; if(!(hashentry1 = mypasswd_malloc("", nfields, &len))){ release_hash_table(ht); - ht->tablesize = 0; return ht; } for (i=0; i<nfields; i++) hashentry1->field[i] = hashentry->field[i]; -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (1)
-
Svein Hansen