Segfaulting with rlm_perl

Norman Elton normelton at gmail.com
Fri Sep 2 19:54:49 CEST 2011


>> 2.1.11 is out...and 2.1.12 is almost ready for release - does your system
>> behave in the same way with 2.1.11?

>> Are you using a pre-built package for freeradius or one that you have
>> built yourself?

I am using Red Hat's pre-built packages, both FreeRADIUS and Perl. I
have not tried newer versions, but it should be pretty straightforward
to test.

>> And FWIW, we've been using rlm_perl extensively with 2.1.10 without any
>> segfaults.  But then again, that might just be because we write bug free
>> perl code :-)

Oh I have no doubt that people are using rlm_perl trouble-free. I'm
just a little concerned that a bug has the capability to crash the
entire server. In development, not a big deal. In fact, it encourages
good error recovery. But I'd rather not wake up in the middle of the
night and find my entire RADIUS infrastructure has died due to an
unexpected corner case. Usernames with Unicode characters particularly
terrify me.

> Of course a script error shouldn't segfault the server. It would have been
> much more useful if you had explained what the script error was and a stack
> trace from the segfault.

I don't have a stack trace yet, but I've got an easily reproducible
test case. This is on Red Hat 6, using FreeRADIUS 2.1.10-5, perl
5.10.1-119, x86_64 architecture. From a fresh install, I cleared out
sites-enabled and created a single enabled server:

server srv-perl-crash {
	authorize {
		preprocess

		update control {
			Auth-Type := Accept
		}

		perl
	}

	authenticate {
		noop
	}

	post-auth {
		noop
	}

	preacct {
		noop
	}
	
	accounting {
		noop
	}
}

I route localhost to that server:

client 127.0.0.1 {
	shortname	= localhost
	secret		= mysecret
	virtual_server	= srv-perl-crash
}

And I define a very simple example.pl:

use strict;
use constant RLM_MODULE_OK => 2;	# the module is OK, continue

sub authorize {
	my $i = 1/0;
	return RLM_MODULE_OK;
}

Obviously, a division by zero is a bad thing. But one would expect
FreeRADIUS to stay online. I fire up the server, and test it with:

radtest -x foo bar 127.0.0.1 1812 mysecret

At first, it gives an error, but survives:

rlm_perl: perl_embed:: module = /etc/raddb/example.pl , func =
authorize exit status= Illegal division by zero at
/etc/raddb/example.pl line 58.

I receive an Access-Reject, and things are fine. I send a second
request, and I get:

rlm_perl: perl_embed:: module = /etc/raddb/example.pl , func =
authorize exit status= Illegal division by zero at
/etc/raddb/example.pl line 58.
Segmentation fault

And the server dies. Uh oh!

Like I said, I will work on a stack trace. Just wanted to get this out
on the list while it's fresh in my mind.

Norman
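
An added example, not part of the original post and not FreeRADIUS project code: a variant of the example.pl above that catches the die inside Perl, so the error never leaves the authorize callback. It assumes the crash sits on rlm_perl's handling of an uncaught die, which the post does not establish; do_authorize, guarded and log_err are hypothetical names, and the constant values follow the example.pl shipped with FreeRADIUS 2.x.

```perl
use strict;
use warnings;

# rlm_perl return codes and log level (values as in the 2.x example.pl)
use constant RLM_MODULE_FAIL => 1;	# module failed, don't reply
use constant RLM_MODULE_OK   => 2;	# the module is OK, continue
use constant L_ERR           => 4;

# Log through the server when embedded, to STDERR when run by hand.
sub log_err {
	my ($msg) = @_;
	if (defined &radiusd::radlog) { radiusd::radlog(L_ERR, $msg) }
	else                          { warn "$msg\n" }
}

# Hypothetical policy code standing in for the real work; it dies on
# the same 1/0 as the test case in the post.
sub do_authorize {
	my $i = 1 / 0;
	return RLM_MODULE_OK;
}

# Run a handler inside eval so that a die is turned into a return code
# instead of propagating out of the callback.
sub guarded {
	my ($name, $code) = @_;
	my $rc = eval { $code->() };
	return $rc if defined $rc;

	(my $err = $@ || 'handler returned undef') =~ s/\s+\z//;
	$err =~ s/[^\x20-\x7e]/?/g;	# keep raw request bytes out of the log line
	log_err("$name failed: $err");
	return RLM_MODULE_FAIL;
}

sub authorize { return guarded('authorize', \&do_authorize) }

# Stand-alone check: perl example.pl --selftest
# Calls authorize twice, mirroring the two radtest requests in the post.
if (@ARGV && $ARGV[0] eq '--selftest') {
	print "call $_ -> ", authorize(), "\n" for 1, 2;
}
```

The wrapper only keeps the script's own errors away from the embedding layer; it is not a fix for the segfault in the module itself.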


