SEGV in 3.0.11
Phil Mayers
p.mayers at imperial.ac.uk
Tue Mar 15 15:22:04 CET 2016
On 15/03/16 14:03, Phil Mayers wrote:
> Finally getting some time to look at moving us off 2.x again, and first
> run:
>
> https://gist.github.com/philmayers/90d7a605c3020ff07820
>
> Trying to dig into what's triggering it now. It's a huge config with a
> lot of stuff in, and the minimal changes to move from 2.x to 3.x
>
Looks like req_list is getting trampled with something - rlm_sql query
strings from the look of the memory. But I don't understand how -
paircompare is passed request, request->packet->vps but by line 537
req_list is now a different pointer:

(gdb) print request
$70 = (REQUEST *) 0xa68720
(gdb) print request->packet->vps
$71 = (VALUE_PAIR *) 0xa55110
(gdb) print req_list
$72 = (VALUE_PAIR *) 0xa673c0
(gdb) x/5s req_list
0xa673c0: "select distinct groupname from (select * from netgroup where username=lower('"
0xa6740e: ""
0xa6740f: ""
0xa67410: "\260"
0xa67412: ""

Can't see how req_list can get mutated in that function.

Will try 3.0 HEAD.
More information about the Freeradius-Devel
mailing list