configurable failover & segmentation fault when reloaded

Milan Holub holub at thenet.ch
Thu Apr 19 10:22:24 CEST 2007 

Hi all,

here is another bug report(but don't worry; I'm running out of my
bugreports):

I used to have following attr_rewrite in modules section:

        attr_rewrite fix_sqlcounter_reply {
                attribute = Reply-Message
                searchin = reply
                searchfor = "Your maximum never usage time has been reached"
                replacewith = "LoginNoCredit"
                ignore_case = no
                new_attribute = no
                max_matches = 1
                append = no
        }

and following "configurable failover" section under authorize:

       group {
                noresetcounter {
                        reject = 1
                        ok = return
                        noop = return
                }
                fix_sqlcounter_reply {
                        ok = reject
                }
        }

        group {
                noresetcounterflat {
                        reject = 1
                        ok = return
                        noop = return
                }
                fix_sqlcounter_reply {
                        ok = reject
                }
        }

...using cvs head

I'm not using this config anymore since it was a silly workaround for
an issue which was fixed differently. BUT it's the valid config and I want to point out that 
there is a bug when re-reading configuration containing "failover sections" after HUP.
This bug causes segmentation fault:


Program received signal SIGSEGV, Segmentation fault.
0x4029bc1b in free () from /lib/libc.so.6
(gdb) bt
#0  0x4029bc1b in free () from /lib/libc.so.6
#1  0x4029baa3 in free () from /lib/libc.so.6
#2  0x0804ee49 in cf_data_free (cd=0xbfffe470) at conffile.c:187
#3  0x0804f194 in cf_section_free (cs=0xbfffe4a4) at conffile.c:343
#4  0x0804f1b3 in cf_section_free (cs=0xbfffe4d4) at conffile.c:337
#5  0x0804f1b3 in cf_section_free (cs=0x8079e50) at conffile.c:337
#6  0x0805570c in read_mainconfig (reload=1) at mainconfig.c:836
#7  0x08058d2a in main (argc=2, argv=0xbffffb94) at radiusd.c:540
(gdb) up
#1  0x4029baa3 in free () from /lib/libc.so.6
(gdb) up
#2  0x0804ee49 in cf_data_free (cd=0xbfffe470) at conffile.c:187
187             free((*cd)->name);
(gdb) list
182
183     static void cf_data_free(CONF_DATA **cd)
184     {
185             if (!cd || !*cd) return;
186
187             free((*cd)->name);
188             if (!(*cd)->free) {
189                     free((*cd)->data);
190             } else {
191                     ((*cd)->free)((*cd)->data);
(gdb) print (*cd)->name
$1 = 0x81fda70 "instance`"
(gdb) print (*cd)->item
$2 = {next = 0x0, parent = 0x807d800, lineno = 0, type = CONF_ITEM_DATA}
(gdb) print (*cd)->item->parent
$3 = (struct conf_part *) 0x807d800
(gdb) print (*cd)->item->parent->name1
$4 = 0x807d840 "attr_rewrite"
(gdb) print (*cd)->item->parent->name2
$5 = 0x807d858 "fix_sqlcounter_reply"
(gdb)

==> I wonder especially where the $1 = 0x81fda70 "instance`" comes
from...

This should be probably fixed before 2.0 released...


Milan Holub
holub (at) thenet (dot) ch

--------------------------------------
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--------------------------------------

More information about the Freeradius-Users mailing list