rlm_sql: readclients segmentation fault

Milan Holub holub at thenet.ch
Wed Apr 18 16:43:17 CEST 2007


Hi Alan,

On Tue, Apr 17, 2007 at 03:54:25PM +0200, Milan Holub wrote:
> Hi Alan,
> On Tue, Apr 17, 2007 at 11:45:28AM +0200, Alan DeKok wrote:
> >   *Please* run the server under valgrind to find the source of these
> > problems.
> 
> ==> finally I managed to compile valgrind and can give you thus its
> output...
> 
> I did fresh cvs checkout and then created a debian package on
> woody(export LDFLAGS='-lz'; dpkg-buildpackage -b -uc -d).
> Point 2) I've also compiled&tested on debian testing with the same result.
> 
> After cvs commits from this morning I'm getting segmentation faults in
> following cases:
> 
> 1) snmpwalk (read-query) - when reading the NAS entries
> `/usr/local/bin/valgrind --tool=memcheck --leak-check=full freeradius -X
> &> /devel/freeradius/debug/fr_snmp_walk_1.txt`
> 
> when running
> `snmpwalk -Cc -v 1 -m
> /devel/freeradius/cvs/radiusd/mibs/RADIUS-AUTH-SERVER-MIB.txt -c
> verysecret localhost radiusAuth`
> 
> I get "Segmentation fault":-(
> 
> ==> full -X debug output + valgrind:
> http://pastebin.ca/444684
> 
> 2) when receiving HUP signal
> ==> full -X debug output + valgrind:
> http://pastebin.ca/444717
> 
> 3) snmpset (write-query) - similar to 2)
> ==> similar output as in 2)
> 
> 4) on any incoming radius request (when the corresponding NAS is stored
> in mysql nas table)
> ==> full -X debug output + valgrind:
> http://pastebin.ca/444719
> 
> Am I doing something wrong? Does nobody else experience similar behaviour?
> 
> Please advise.
> 
> PS: I like this http://pastebin.ca - it keeps the mailing lists clean...
> 

All segmentation faults were related to the same snmp issue - accessing
the num_tree structure.
Here is the debug output for case 4):

rad_recv: Access-Request packet from host <NAS_IN_NAS_TABLE> port 43052, id=161, length=46

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 26896)]
0x080529ab in auth_socket_recv (listener=0x815aac0, pfun=0xbfffea1c, prequest=0xbfffea20) at listen.c:389
389                     break;
(gdb)
(gdb)
(gdb) bt
#0  0x080529ab in auth_socket_recv (listener=0x815aac0, pfun=0xbfffea1c, prequest=0xbfffea20) at listen.c:389
#1  0x08059073 in main (argc=2, argv=0xbffffbb4) at radiusd.c:643
(gdb) print client
$1 = (RADCLIENT *) 0x81ff5e8
(gdb) list
384              */
385             switch(packet->code) {
386             case PW_AUTHENTICATION_REQUEST:
387                     RAD_SNMP_CLIENT_INC(listener, client, requests);
388                     fun = rad_authenticate;
389                     break;
390
391             case PW_STATUS_SERVER:
392                     if (!mainconfig.status_server) {
393                             RAD_SNMP_TYPE_INC(listener, total_packets_dropped);
(gdb) print client->auth
$2 = (rad_snmp_client_entry_t *) 0x0

==> as you can see, the rad_snmp_client_entry type should contain some data
but it does not.

As I do not care much about detailed snmp info for every NAS, I've made the
following dummy changes in order to fix the segmentation faults:

1)+2)+3) do not insert clients into snmp structure... 

Index: ./src/main/client.c
===================================================================
RCS file: /source/radiusd/src/main/client.c,v
retrieving revision 1.56
diff -u -r1.56 client.c
--- ./src/main/client.c 17 Apr 2007 09:22:36 -0000      1.56
+++ ./src/main/client.c 18 Apr 2007 14:11:38 -0000
@@ -207,7 +207,7 @@
                return 0;
        }

-#ifdef WITH_SNMP
+#ifdef WITH_SNMPX
        if (!tree_num) {
                tree_num = rbtree_create(client_num_cmp, NULL, 0);
        }
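
Review bot: the `#ifdef WITH_SNMPX` guard disables this block by testing a macro name that nothing defines, which reads like a typo and silently re-enables the code if that name is ever defined. If the intent is to stop creating `tree_num` here, use `#if 0` with a comment saying why, and check that code still built under `WITH_SNMP` copes with `tree_num` staying NULL. The matching `#endif` is outside this hunk, so it is not visible what else is dropped along with the `rbtree_create()` call.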


Index: ./src/main/event.c
===================================================================
RCS file: /source/radiusd/src/main/event.c,v
retrieving revision 1.20
diff -u -r1.20 event.c
--- ./src/main/event.c  18 Apr 2007 10:03:30 -0000      1.20
+++ ./src/main/event.c  18 Apr 2007 14:14:32 -0000
@@ -111,24 +111,24 @@
        case PW_AUTHENTICATION_ACK:
                rad_snmp.auth.total_responses++;
                rad_snmp.auth.total_access_accepts++;
-               if (client) client->auth->accepts++;
+               //if (client) client->auth->accepts++;
                break;

        case PW_AUTHENTICATION_REJECT:
                rad_snmp.auth.total_responses++;
                rad_snmp.auth.total_access_rejects++;
-               if (client) client->auth->rejects++;
+               //if (client) client->auth->rejects++;
                break;

        case PW_ACCESS_CHALLENGE:
                rad_snmp.auth.total_responses++;
                rad_snmp.auth.total_access_challenges++;
-               if (client) client->auth->challenges++;
+               //if (client) client->auth->challenges++;
                break;

        case PW_ACCOUNTING_RESPONSE:
                rad_snmp.acct.total_responses++;
-               if (client) client->auth->responses++;
+               //if (client) client->auth->responses++;
                break;

                /*
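
Review bot: the removed lines check only `client`, not `client->auth`, and the gdb session above shows `client->auth` is 0x0 for a client that was found, so the missing check in each of these four cases is `if (client && client->auth)`. Adding it keeps the per-client counters for clients that do have an entry, instead of dropping them for every client. The `PW_ACCOUNTING_RESPONSE` case also increments `rad_snmp.acct.total_responses` and then `client->auth->responses`, which looks like it was meant to use the client's accounting entry. The `//` comments leave dead code in a file that otherwise uses `/* */`.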
@@ -138,7 +138,7 @@
        case 0:
                if (request->packet->code == PW_AUTHENTICATION_REQUEST) {
                        rad_snmp.auth.total_bad_authenticators++;
-                       if (client) client->auth->bad_authenticators++;
+                       //if (client) client->auth->bad_authenticators++;
                }
                break;

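Review bot: commenting out the `bad_authenticators` increment under `case 0:` removes the per-client record of authentication requests counted as bad authenticators, which, judging by the counter name, is what an operator would look at to see which NAS is sending requests that fail verification. Keep the line and add the missing pointer check instead: `if (client && client->auth) client->auth->bad_authenticators++;`.
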
4) - do not work with client->auth since it's empty now
Index: ./src/include/radius_snmp.h
===================================================================
RCS file: /source/radiusd/src/include/radius_snmp.h,v
retrieving revision 1.16
diff -u -r1.16 radius_snmp.h
--- ./src/include/radius_snmp.h 10 Apr 2007 14:21:23 -0000      1.16
+++ ./src/include/radius_snmp.h 18 Apr 2007 14:08:43 -0000
@@ -81,7 +81,7 @@
                                     } else { if (_listener->type == RAD_LISTEN_ACCT) \
                                        rad_snmp.acct._x++; } }

-#define RAD_SNMP_CLIENT_INC(_listener, _client, _x) if (mainconfig.do_snmp) { \
+#define RAD_SNMP_CLIENT_INC(_listener, _client, _x) if (0) { \
                                      if (_listener->type == RAD_LISTEN_AUTH) { \
                                        _client->auth->_x++; \
                                     } else { if (_listener->type == RAD_LISTEN_ACCT) \
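
Review bot: `if (0)` in `RAD_SNMP_CLIENT_INC` turns off per-client counting for every client even when `mainconfig.do_snmp` is set, while the crash only needs the NULL case handled. Keep the `mainconfig.do_snmp` condition and test the pointer before the increment, e.g. `if (_client->auth) _client->auth->_x++;`, with the same check on whatever the `RAD_LISTEN_ACCT` branch dereferences (cut off in this hunk). Since the macro expands to a bare `if (...) { ... }`, wrapping it in `do { ... } while (0)` would also make it safe to use before an `else`.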


This works for me but I believe Alan will fix the issue cleanly ASAP:)

Anyway, thanks, Alan, for your hard work on freeradius.


Milan Holub
holub (at) thenet (dot) ch

--------------------------------------
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--------------------------------------
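
The condition shown in the gdb session (a client whose `auth` entry is NULL reaching a per-client counter macro) and a guarded form of the counter update, as an added example that is not part of the original message or of the FreeRADIUS source. All type, macro and function names are simplified, hypothetical stand-ins, and the sample clients are constructed.

```c
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the structures in the gdb session. */
typedef struct { unsigned requests; } snmp_entry_t;
typedef struct {
    snmp_entry_t *auth;   /* NULL when no per-client entry was allocated */
    snmp_entry_t *acct;
} client_t;
typedef enum { LISTEN_AUTH, LISTEN_ACCT } listen_type_t;

static struct { unsigned auth_requests, acct_requests, clients_untracked; } totals;
static int do_snmp = 1;   /* stands in for mainconfig.do_snmp */

/* Picks the per-client entry for the listener type; may return NULL. */
static snmp_entry_t *client_entry(const client_t *c, listen_type_t t)
{
    if (c == NULL) return NULL;
    return (t == LISTEN_AUTH) ? c->auth : c->acct;
}

/* do { } while (0) makes the macro one statement; the entry pointer is
 * checked before the field is touched, and a missing entry is counted. */
#define SNMP_CLIENT_INC(type_, client_, field_) do { \
        if (do_snmp) { \
            snmp_entry_t *e_ = client_entry((client_), (type_)); \
            if (e_ != NULL) e_->field_++; \
            else totals.clients_untracked++; \
        } \
    } while (0)

/* Counts one request; returns 0 when a missing per-client entry was skipped. */
int count_request(listen_type_t type, client_t *client)
{
    unsigned before = totals.clients_untracked;
    if (type == LISTEN_AUTH) totals.auth_requests++; else totals.acct_requests++;
    SNMP_CLIENT_INC(type, client, requests);
    return totals.clients_untracked == before;
}

int main(void)
{
    snmp_entry_t entry = {0};
    client_t with_entry = { &entry, NULL };  /* constructed: has an auth entry */
    client_t no_entry   = { NULL, NULL };    /* constructed: auth == 0x0 */
    int a = count_request(LISTEN_AUTH, &with_entry);
    int b = count_request(LISTEN_AUTH, &no_entry);
    printf("tracked=%d skipped=%d untracked=%u\n", a, !b, totals.clients_untracked);
    return 0;
}
```

The server-wide totals keep counting in every case, and `clients_untracked` gives a visible signal that some client is missing its entry rather than hiding the problem.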



