dynamic clients configuration may cause radiusd 3.2.0 (and earlier) to hang
Sam Yee
sam.yee at incognito.com
Tue Jul 12 23:29:36 UTC 2022
Hi freeradius devs. I was able to cause radiusd to hang by configuring a dynamic client in SQL using the same shared secret of an existing static client. It causes a loop in a linked list. Here is the fix:
--- cut ---
--- freeradius-server-3.2.0/src/main/client.c.orig 2022-04-21 13:11:17.000000000 -0700
+++ freeradius-server-3.2.0/src/main/client.c 2022-07-12 16:05:13.900988256 -0700
@@ -1425,7 +1425,13 @@
} else {
RDEBUG2("%s = %s", cf_pair_attr(cp), cf_pair_value(cp));
}
- cf_pair_add(c->cs, cp);
+
+ if (cp != NULL)
+ {
+ cf_pair_add(c->cs, cp);
+ }
+
+ cp = NULL;
talloc_free(vp);
}
--- cut ---
After calling cf_pair_add(), cp is added to the list. In the next loop iteration, cp may not be re-allocated, and it is attempted to be re-added to the list. cp's next pointer points back to itself. Please let me know if the fix can make it to the next stable release.
Thanks,
Sam
More information about the Freeradius-Devel
mailing list