Crashes in 2.1.8 when handling received auth packets

Alan DeKok aland at
Tue Feb 2 20:25:10 CET 2010

John Morrissey wrote:
> We recently upgraded from 2.0.4 to 2.1.8 and are now noticing occasional
> segfaults when handling received auth packets. Representative backtraces are
> below. In all cases, all threads are idle except one, which is receiving an
> auth packet.

  Ugh.  This looks like:

> In the first case, auth_socket_recv() passes a NULL packet to
> received_request(), which is strange since auth_socket_recv() checks for
> that case immediately before.


> In the second case, received_request() gets a bogus pointer to the packet,
> apparently from rad_recv().

  Which should never happen.

> I'm always hesitant to trust backtraces from optimized binaries, but the
> code paths relative to the packet pointers being passed around are bizarre
> and strike me as stack or heap corruption.
> Any ideas?


  I've run *billions* of packets through the server in a variety of
environments in an attempt to reproduce bug #35.  No luck.

  I don't know what to say at this point...

  Alan DeKok.

More information about the Freeradius-Devel mailing list