possible bug on HUP (2.1.6)

Stefan Winter stefan.winter at restena.lu
Wed Jul 15 09:48:14 CEST 2009


Hi,

after upgrading my FreeRADIUS installation to 2.1.6, I tried SIGHUP and
got a SIGSEGV back :-/

It didn't happen immediately, but only after the next auth attempt was
processed. I have attached my virtual server "Monitoring" - this is the
spot in the server where I changed something; the password for this
User-Name was changed. Before changing that password and HUPing, auth
worked consistently.

I attached with gdb to find out what's wrong, the bt is at the end: it
failed while xlat'ing User-Name for an sql relay. That's really
surprising because I didn't change the User-Name, only the control item
Cleartext-Password.

Greetings,

Stefan Winter

######### virtual server config

server Monitoring {

authorize {
        update request {
                RESTENA-Service-Type := "Nagios-Monitoring"
        }
        if ( User-Name == "testuser.monitor at testrealm.lu" ) {
                update control {
                        Cleartext-Password := "obfuscated" <------------
this is what I changed
                }
        }
        auth_log
#       users.Nagios
        pap
}


authenticate {
                pap
}


preacct {
}

accounting {
}

session {
}

post-auth {
        reply_log
        sql_relay_main
        Post-Auth-Type REJECT {
                reply_log
                sql_relay_main
        }
}

pre-proxy {
}

post-proxy {
}

}

########### gdb session with bt

Program received signal SIGHUP, Hangup.
0xb7f9a424 in __kernel_vsyscall ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79d4b90 (LWP 7097)]
0xb7c48073 in strchr () from /lib/libc.so.6
(gdb) bt
#0  0xb7c48073 in strchr () from /lib/libc.so.6
#1  0xb71bae13 in sql_escape_func (out=0xb79d27d0 "", outlen=3964,
in=0xb79d1d34 "testuser.monitor at testrealm.lu") at rlm_sql_log.c:160
#2  0x08067a42 in valuepair2str (out=0xb79d27d0 "", outlen=3964,
pair=0x8d0c3b8, type=0, func=0xb71bad80 <sql_escape_func>) at xlat.c:72
#3  0x08069532 in xlat_packet (instance=0x807d9a4, request=0x8d0bcb0,
fmt=0xb79d2414 "User-Name", out=0xb79d27d0 "", outlen=3964,
func=0xb71bad80 <sql_escape_func>) at xlat.c:383
#4  0x08068887 in radius_xlat (out=0xb79d274c "INSERT INTO radpostauth",
' ' <repeats 37 times>, "(id, user, pass, reply, date)", ' ' <repeats 30
times>, "VALUES ('', '", outlen=4096,
    fmt=0x8d0d568 "INSERT INTO radpostauth", ' ' <repeats 37 times>,
"(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES ('',
'%{User-Name}', '%{RESTENA-Service-Type}', '%{reply:Packet-Type}', '%"...,
    request=0x8d0bcb0, func=0xb71bad80 <sql_escape_func>) at xlat.c:911
#5  0xb71bac38 in sql_xlat_query (inst=0xb79d261e, request=0x8d0bcb0,
    query=0x8d0d568 "INSERT INTO radpostauth", ' ' <repeats 37 times>,
"(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES ('',
'%{User-Name}', '%{RESTENA-Service-Type}', '%{reply:Packet-Type}', '%"...,
    xlat_query=0xb79d274c "INSERT INTO radpostauth", ' ' <repeats 37
times>, "(id, user, pass, reply, date)", ' ' <repeats 30 times>, "VALUES
('', '", len=4096) at rlm_sql_log.c:258
#6  0xb71bb187 in sql_log_postauth (instance=0x8c53a40,
request=0x8d0bcb0) at rlm_sql_log.c:398
#7  0x08062bd8 in modcall (component=7, c=0x8d2af90, request=0x8d0bcb0)
at modcall.c:286
#8  0x0805f782 in indexed_modcall (comp=7, idx=13835320,
request=0x8d0bcb0) at modules.c:631
#9  0x0805f89c in module_post_auth (postauth_type=13835320,
request=0x8d0bcb0) at modules.c:1452
#10 0x0804ee17 in rad_postauth (request=0x8d0bcb0) at auth.c:410
#11 0x0806d14d in request_post_handler (request=0x8d0bcb0) at event.c:2333
#12 0x0806d5b3 in radius_handle_request (request=0x8d0bcb0,
fun=0x804ee60 <rad_authenticate>) at event.c:3652
#13 0x08065760 in request_handler_thread (arg=0x8ce21d8) at threads.c:492
#14 0xb7f2f1b5 in start_thread () from /lib/libpthread.so.0
#15 0xb7ca638e in clone () from /lib/libc.so.6
(gdb)

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473




More information about the Freeradius-Devel mailing list