segmentation fault in rlm_preprocess

duffy reg.marcos at yahoo.it
Thu May 30 17:43:09 CEST 2013


Oops, I'm sorry. You're right, I wrote to the wrong list.
BTW, thank you Arran, you fixed it!

Now, this is the new issue:

rad_recv: Access-Challenge packet from host 172.20.23.30 port 1812, id=159, length=85
         EAP-Message = 0x01a800160410b8a13ab82ba23820a55c0440bf74467f
         Message-Authenticator = 0x78a5dd4358024b720b10b1bcb7b0c917
         State = 0xd036ba28d09ebe94e88e461954f76013
         Proxy-State = 0x323432
(0) # Executing section post-proxy from file /etc/raddb/sites-enabled/default
(0)   group post-proxy {
(0)  - entering group post-proxy {...}
(0) attr_filter.access_challenge :      expand: '%{User-Name}' -> 'test at fr3'
(0) attr_filter.access_challenge : Matched entry DEFAULT at line 13

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff0e02d63 in attr_filter_common (instance=0x8a1880, request=0x8e77b0, packet=0x942e00) at src/modules/rlm_attr_filter/rlm_attr_filter.c:269
269                                     if (vp->da->attr == check_item->da->attr) {
Missing separate debuginfos, use: debuginfo-install freeradius-3.0.0-14.el6.x86_64
(gdb) info args
instance = 0x8a1880
request = 0x8e77b0
packet = 0x942e00
(gdb) info locals
fall_through = <value optimized out>
relax_filter = 0
inst = 0x8a1880
cursor = {first = 0x942e70, found = 0x0, last = 0x0, current = 0x944490, next = 0x9445a0}
out = {first = 0x7fffffffd198, found = 0x0, last = 0x0, current = 0x0, next = 0x0}
vp = 0x8e77b0
output = 0x0
input = <value optimized out>
check_item = 0x944490
pl = 0x8a2ad0
found = 1
pass = <value optimized out>
fail = <value optimized out>
keyname = 0x7fffffffd040 "test at fr3"
buffer = 
"test at fr3\000\264\230\000\000\000\000\000\023\000\000\000\000\000\000\000\366\253:\367\377\177\000\000`\327\377\377\377\177\000\000P\327\377\377\377\177\000\000\f\000\000\000\00
432\000\070d09ebe94e88e461954f76013\000\064\064\060bf74467f\000\000\000\320\377\377\377\177\000\000\200n+\366\377\177\000\000\300\327\377\377\377\177\000\000\260\327\377\377\377\177\000\
177\000\000\360\320\377\377\377\177\000\000\347\303\366\365\377\177\000\000\005\353\a\366\377\177\000\000\000\000\000\000\000\000\000\000\254\326\377\377\377\177\000\000\310\326\377\377\
\000\000\000\000\000\000n+\366\000\000\000\000 
&\372\365\000\000\000\000\240\326\377\377\377\177\000\000\200\003\231\000\000\000\000"
(gdb) info frame
Stack level 0, frame at 0x7fffffffd1e0:
  rip = 0x7ffff0e02d63 in attr_filter_common (src/modules/rlm_attr_filter/rlm_attr_filter.c:269); saved rip 0x41d6f9
  called by frame at 0x7fffffffda00
  source language c.
  Arglist at 0x7fffffffcfe8, args: instance=0x8a1880, request=0x8e77b0, packet=0x942e00
  Locals at 0x7fffffffcfe8, Previous frame's sp is 0x7fffffffd1e0
  Saved registers:
   rbx at 0x7fffffffd1a8, rbp at 0x7fffffffd1b0, r12 at 0x7fffffffd1b8, r13 at 0x7fffffffd1c0, r14 at 0x7fffffffd1c8, r15 at 0x7fffffffd1d0, rip at 0x7fffffffd1d8
(gdb)





-------------------------

This should be on devel, but never mind.

Should be fixed, can you check?

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



On 30/05/13 15.58, duffy wrote:
> Hi list!
>
> Today we built from master and we ran into this:
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 172.20.23.31 port 1814, id=193, length=228
>          NAS-Port-Type = Wireless-802.16
>          Proxy-State = 0x323231
>          WiMAX-Available-In-Client = 99
>          Service-Type = Framed-User
>          WiMAX-BS-ID = 0x303030303230303630313030
>          WiMAX-Release = "1.1"
>          Message-Authenticator = 0x6149f02200f787d01064d0305effb1ce
>          WiMAX-Accounting-Capabilities = Flow-Based
>          NAS-IP-Address = 172.20.10.121
>          WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
>          Calling-Station-Id = "0B4E398C5FF7"
>          User-Name = "test at fr3"
>          Event-Timestamp = "May 30 2013 15:42:48 CEST"
>          NAS-Identifier = "A_NAS"
>          WiMAX-GMT-Timezone-offset = 16777216
>          EAP-Message = 0x022a000d017465737440667233
>          Attr-26 = 0x000060b5010301
>          WiMAX-Idle-Mode-Notification-Cap = Supported
> (3) # Executing section authorize from file /etc/raddb/sites-enabled/default
> (3)   group authorize {
> (3)  - entering group authorize {...}
> (3) eap : EAP packet type response id 42 length 13
> (3) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
> (3)   [eap] = ok
>
> Breakpoint 1, hints_setup (hints=0x9f9790, request=0xaf9870) at src/modules/rlm_preprocess/rlm_preprocess.c:381
> 381     {
> Missing separate debuginfos, use: debuginfo-install freeradius-3.0.0-13.el6.x86_64
> (gdb) f
> #0  hints_setup (hints=0x9f9790, request=0xaf9870) at src/modules/rlm_preprocess/rlm_preprocess.c:381
> 381     {
> (gdb) info args
> hints = 0x9f9790
> request = 0xaf9870
> (gdb) info frame
> Stack level 0, frame at 0x7fffffffc910:
>   rip = 0x7fffe7b222a0 in hints_setup (src/modules/rlm_preprocess/rlm_preprocess.c:381); saved rip 0x7fffe7b227eb
>   called by frame at 0x7fffffffcd30
>   source language c.
>   Arglist at 0x7fffffffc900, args: hints=0x9f9790, request=0xaf9870
>   Locals at 0x7fffffffc900, Previous frame's sp is 0x7fffffffc910
>   Saved registers:
>    rip at 0x7fffffffc908
> (gdb) n
> 389             request_pairs = request->packet->vps;
> (gdb) n
> 391             if (!hints || !request_pairs)
> (gdb) n
> 389             request_pairs = request->packet->vps;
> (gdb) n
> 391             if (!hints || !request_pairs)
> (gdb) n
> 397             name = (tmp = pairfind(request_pairs, PW_USER_NAME, 0, TAG_ANY)) ?
> (gdb) n
> 399             if (!name || name[0] == 0) {
> (gdb) n
> 421                             pairdelete(&add, PW_STRIP_USER_NAME, 0, TAG_ANY);
> (gdb) n
> 410                     if (((strcmp(i->name, "DEFAULT") == 0) || (strcmp(i->name, name) == 0)) &&
> (gdb) n
> 411                         (paircompare(request, request_pairs, i->check, NULL) == 0)) {
> (gdb) n
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff75d4a56 in paircompare (request=0xaf9870, req_list=0xaf9ce0, check=0x9f8fe0, rep_list=0x0) at src/main/valuepair.c:495
> 495                     if (!check_item->da->vendor) switch (check_item->da->attr) {
> (gdb) info args
> request = 0xaf9870
> req_list = 0xaf9ce0
> check = 0x9f8fe0
> rep_list = 0x0
> (gdb) info frame
> Stack level 0, frame at 0x7fffffffc8b0:
>   rip = 0x7ffff75d4a56 in paircompare (src/main/valuepair.c:495); saved rip 0x7fffe7b223bb
>   called by frame at 0x7fffffffc910
>   source language c.
>   Arglist at 0x7fffffffc808, args: request=0xaf9870, req_list=0xaf9ce0, check=0x9f8fe0, rep_list=0x0
>   Locals at 0x7fffffffc808, Previous frame's sp is 0x7fffffffc8b0
>   Saved registers:
>    rbx at 0x7fffffffc878, rbp at 0x7fffffffc880, r12 at 0x7fffffffc888, r13 at 0x7fffffffc890, r14 at 0x7fffffffc898, r15 at 0x7fffffffc8a0, rip at 0x7fffffffc8a8
> (gdb) print check_item->da
> $1 = (const DICT_ATTR *) 0x1000003ec
> (gdb) print check_item->da->vendor
> Cannot access memory at address 0x1000003f4
> (gdb) print check_item->da->attr
> Cannot access memory at address 0x1000003ec
>
>
> It looks like a bug in src/modules/rlm_preprocess/rlm_preprocess.c but
> we're not so sure about the resolution; has anyone encountered/solved
> the same issue?
>
> thanks+regards,
> duffy

