dynamic clients configuration may cause radiusd 3.2.0 (and earlier) to hang

Sam Yee sam.yee at incognito.com
Tue Jul 12 23:29:36 UTC 2022


Hi freeradius devs.  I was able to cause radiusd to hang by configuring a dynamic client in SQL using the same shared secret of an existing static client.  It causes a loop in a linked list.  Here is the fix:

--- cut ---
--- freeradius-server-3.2.0/src/main/client.c.orig      2022-04-21 13:11:17.000000000 -0700
+++ freeradius-server-3.2.0/src/main/client.c   2022-07-12 16:05:13.900988256 -0700
@@ -1425,7 +1425,13 @@
                } else {
                        RDEBUG2("%s = %s", cf_pair_attr(cp), cf_pair_value(cp));
                }
-               cf_pair_add(c->cs, cp);
+
+               if (cp != NULL)
+               {
+                       cf_pair_add(c->cs, cp);
+               }
+
+               cp = NULL;

                talloc_free(vp);
        }
--- cut ---

After calling cf_pair_add(), cp is added to the list.  In the next loop iteration, cp may not be re-allocated, and it is attempted to be re-added to the list.  cp's next pointer points back to itself.  Please let me know if the fix can make it to the next stable release.

Thanks,
Sam



More information about the Freeradius-Devel mailing list