3.0.x HEAD crashing

Phil Mayers p.mayers at imperial.ac.uk
Wed Jun 18 22:50:50 CEST 2014

On 18/06/2014 19:11, Phil Mayers wrote:

> I have some circumstantial evidence that eap_ttls is implicated, and
> that it might be related to the handling of the fake requests for the
> inner tunnel - but it's very circumstantial. The heap corruption makes
> it really hard to be sure of anything - *someone* is trampling over
> memory they shouldn't, but valgrind seems to get very very confused when
> this happens, and swamps me with messages.

I can reproduce this with an almost-vanilla config now. Changes I made 
(verified with diff) from the default "make install" config:

  1. Adding a client to clients.conf
  2. Enabling a test user in "users" with a Cleartext-Password
  3. Increase max_requests to 65536 (to allow it to take the test load)
  4. Allow vulnerable openssl
  5. Throwing a load of PEAP & TTLS at it using "eapol_test -r 1" - 1x 
PEAP and 3x TTLS requests every 0.1 seconds, like this:

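# $PEAP and $TTLS are expanded unquoted as eapol_test arguments
# (their values are not shown in this post)
while true; do
    eapol_test -r 1 $PEAP &
    eapol_test -r 1 $TTLS &
    eapol_test -r 1 $TTLS &
    eapol_test -r 1 $TTLS &
    sleep 0.1
done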

Under this config it takes a few seconds to minutes to crash, but seems 
to be pretty reliably doing it under #73629e9
