Segfaulting with rlm_perl

Norman Elton normelton at gmail.com
Fri Sep 2 20:52:56 CEST 2011


I've used GDB to generate a stack trace, specifically using the
instructions on http://freeradius.org/radiusd/doc/bugs.

For this particular test case, I configured as I described above, but
instead of a stripped-down example.pl, I just the one provided, but
put "my $i = 1/0;" in the "test_call" subroutine towards the bottom of
the script.

This was reproduced using 2.1.11.

Let me know if there is additional information I can provide, thanks!

Norman

=====


Starting program: /usr/local/sbin/radiusd -d /usr/local/etc/raddb -X
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5d8a02a in rlmperl_call (instance=<value optimized out>,
request=0x8a5b30,
    function_name=0x781670 "authorize") at rlm_perl.c:725
725			exitstatus = POPi;
Missing separate debuginfos, use: debuginfo-install
glibc-2.12-1.25.el6_1.3.x86_64 nss-softokn-freebl-3.12.9-3.el6.x86_64
perl-5.10.1-119.el6.x86_64 perl-libs-5.10.1-119.el6.x86_64
* 1 Thread 0x7ffff7fef700 (LWP 29993)  0x00007ffff5d8a02a in
rlmperl_call (instance=<value optimized out>,
    request=0x8a5b30, function_name=0x781670 "authorize") at rlm_perl.c:725

Thread 1 (Thread 0x7ffff7fef700 (LWP 29993)):
#0  0x00007ffff5d8a02a in rlmperl_call (instance=<value optimized
out>, request=0x8a5b30,
    function_name=0x781670 "authorize") at rlm_perl.c:725
        _sv = 0x411
        sp = 0x967f50
        inst = <value optimized out>
        vp = <value optimized out>
        exitstatus = 0
        count = 1
        n_a = 70
        rad_reply_hv = 0x9519d0
        rad_check_hv = 0x908a40
        rad_config_hv = 0x0
        rad_request_hv = 0x914aa0
        rad_request_proxy_hv = 0x942640
        rad_request_proxy_reply_hv = 0x951c10
        interp = 0x967f50
#1  0x000000000041af53 in call_modsingle (component=1, c=<value optimized out>,
    request=<value optimized out>) at modcall.c:297
        myresult = <value optimized out>
#2  modcall (component=1, c=<value optimized out>, request=<value
optimized out>) at modcall.c:670
        myresult = <value optimized out>
        stack = {pointer = 1, priority = {0 <repeats 32 times>},
result = {0 <repeats 32 times>},
          children = {<value optimized out> <repeats 32 times>}, start = {
            <value optimized out> <repeats 32 times>}}
        parent = 0x785c90
        child = 0x7b0a80
        sp = 0x7b0a80
        if_taken = 0
        was_if = 0
#3  0x0000000000417b33 in indexed_modcall (comp=1, idx=0,
request=0x8a5b30) at modules.c:737
        rcode = <value optimized out>
        list = 0x785c90
        server = <value optimized out>
#4  0x0000000000408646 in rad_authenticate (request=0x8a5b30) at auth.c:579
        namepair = <value optimized out>
        check_item = <value optimized out>
        auth_item = 0x8a5d50
        module_msg = <value optimized out>
        tmp = <value optimized out>
        result = <value optimized out>
        password = 0x4349da ""
        autz_retry = 0 '\000'
        autz_type = <value optimized out>
#5  0x000000000042796e in radius_handle_request (request=0x8a5b30,
fun=0x4083e0 <rad_authenticate>)
    at event.c:3780
No locals.
#6  0x000000000041ed3d in thread_pool_addrequest (request=0x8a5b30,
fun=0x4083e0 <rad_authenticate>)
    at threads.c:874
No locals.
#7  0x0000000000428fee in event_socket_handler (xel=<value optimized
out>, fd=<value optimized out>,
    ctx=0x7b1380) at event.c:3425
        listener = 0x7b1380
        fun = 0x4083e0 <rad_authenticate>
        request = 0x8a5b30
#8  0x00007ffff7bd343b in fr_event_loop (el=0x7b1e60) at event.c:413
        ef = <value optimized out>
        i = <value optimized out>
        rcode = 1
        maxfd = 12
        when = {tv_sec = 1314989256, tv_usec = 664777}
        wake = <value optimized out>
        read_fds = {fds_bits = {1024, 0 <repeats 15 times>}}
        master_fds = {fds_bits = {7424, 0 <repeats 15 times>}}
#9  0x000000000041be24 in main (argc=<value optimized out>,
argv=<value optimized out>) at radiusd.c:408
        rcode = <value optimized out>
        argval = <value optimized out>
        spawn_flag = 0
        dont_fork = 1
        flag = 0
        act = {__sigaction_handler = {sa_handler = 0x41c100 <sig_fatal>,
            sa_sigaction = 0x41c100 <sig_fatal>}, sa_mask = {__val =
{0 <repeats 16 times>}},
          sa_flags = 0, sa_restorer = 0}



More information about the Freeradius-Users mailing list