3.0.x HEAD crashing

Herwin Weststrate herwin at quarantainenet.nl
Wed Jun 18 11:08:48 CEST 2014


On 17-06-14 19:05, Arran Cudbard-Bell wrote:
> 
> On 17 Jun 2014, at 15:55, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> 
>> On 17/06/14 15:33, Phil Mayers wrote:
>>
>>> Will try and re-trigger under valgrind, though memcheck seems to report
>>> a *lot* for 3.0.x head - many alloc-without-free for regexp compilations
>>> at compile parse time and similar.
>>
>> Ok, looks like use-after-free somewhere. Valgrind report is really really big, but it looks like the pertinent stuff is:
> 
> From the backtrace below we know it's a control attribute.
> 
> What modules are you using?
> 

I've got a very similar crash with a nearly vanilla config. Logging and
backtrace of it can be found at
https://gist.github.com/qnet-herwin/8444b0f2e9304b9432a3

Got this error with 3.0.x (5187f6729b5ff51c5b10f3c4c8bd3da5db72e07b),
with two simple changes to the config: disable the ssl check (debian)
and enable the user bob from the users file, with the attribute
Reply-Message. Then a simple PAP authentication attempt (even with a
wrong password) crashes the server.

-- 
Herwin Weststrate


More information about the Freeradius-Devel mailing list