segmentation fault in rlm_preprocess
duffy
reg.marcos at yahoo.it
Thu May 30 15:58:55 CEST 2013
hi list!
today we built from master and we ran into this:
Ready to process requests.
rad_recv: Access-Request packet from host 172.20.23.31 port 1814,
id=193, length=228
NAS-Port-Type = Wireless-802.16
Proxy-State = 0x323231
WiMAX-Available-In-Client = 99
Service-Type = Framed-User
WiMAX-BS-ID = 0x303030303230303630313030
WiMAX-Release = "1.1"
Message-Authenticator = 0x6149f02200f787d01064d0305effb1ce
WiMAX-Accounting-Capabilities = Flow-Based
NAS-IP-Address = 172.20.10.121
WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
Calling-Station-Id = "0B4E398C5FF7"
User-Name = "test at fr3"
Event-Timestamp = "May 30 2013 15:42:48 CEST"
NAS-Identifier = "A_NAS"
WiMAX-GMT-Timezone-offset = 16777216
EAP-Message = 0x022a000d017465737440667233
Attr-26 = 0x000060b5010301
WiMAX-Idle-Mode-Notification-Cap = Supported
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3) group authorize {
(3) - entering group authorize {...}
(3) eap : EAP packet type response id 42 length 13
(3) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(3) [eap] = ok
Breakpoint 1, hints_setup (hints=0x9f9790, request=0xaf9870) at
src/modules/rlm_preprocess/rlm_preprocess.c:381
381 {
Missing separate debuginfos, use: debuginfo-install
freeradius-3.0.0-13.el6.x86_64
(gdb) f
#0 hints_setup (hints=0x9f9790, request=0xaf9870) at
src/modules/rlm_preprocess/rlm_preprocess.c:381
381 {
(gdb) info args
hints = 0x9f9790
request = 0xaf9870
(gdb) info frame
Stack level 0, frame at 0x7fffffffc910:
rip = 0x7fffe7b222a0 in hints_setup
(src/modules/rlm_preprocess/rlm_preprocess.c:381); saved rip 0x7fffe7b227eb
called by frame at 0x7fffffffcd30
source language c.
Arglist at 0x7fffffffc900, args: hints=0x9f9790, request=0xaf9870
Locals at 0x7fffffffc900, Previous frame's sp is 0x7fffffffc910
Saved registers:
rip at 0x7fffffffc908
(gdb) n
389 request_pairs = request->packet->vps;
(gdb) n
391 if (!hints || !request_pairs)
(gdb) n
389 request_pairs = request->packet->vps;
(gdb) n
391 if (!hints || !request_pairs)
(gdb) n
397 name = (tmp = pairfind(request_pairs, PW_USER_NAME, 0,
TAG_ANY)) ?
(gdb) n
399 if (!name || name[0] == 0) {
(gdb) n
421 pairdelete(&add, PW_STRIP_USER_NAME, 0,
TAG_ANY);
(gdb) n
410 if (((strcmp(i->name, "DEFAULT") == 0) ||
(strcmp(i->name, name) == 0)) &&
(gdb) n
411 (paircompare(request, request_pairs,
i->check, NULL) == 0)) {
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff75d4a56 in paircompare (request=0xaf9870, req_list=0xaf9ce0,
check=0x9f8fe0, rep_list=0x0) at src/main/valuepair.c:495
495 if (!check_item->da->vendor) switch
(check_item->da->attr) {
(gdb) info args
request = 0xaf9870
req_list = 0xaf9ce0
check = 0x9f8fe0
rep_list = 0x0
(gdb) info frame
Stack level 0, frame at 0x7fffffffc8b0:
rip = 0x7ffff75d4a56 in paircompare (src/main/valuepair.c:495); saved
rip 0x7fffe7b223bb
called by frame at 0x7fffffffc910
source language c.
Arglist at 0x7fffffffc808, args: request=0xaf9870, req_list=0xaf9ce0,
check=0x9f8fe0, rep_list=0x0
Locals at 0x7fffffffc808, Previous frame's sp is 0x7fffffffc8b0
Saved registers:
rbx at 0x7fffffffc878, rbp at 0x7fffffffc880, r12 at 0x7fffffffc888,
r13 at 0x7fffffffc890, r14 at 0x7fffffffc898, r15 at 0x7fffffffc8a0, rip
at 0x7fffffffc8a8
(gdb) print check_item->da
$1 = (const DICT_ATTR *) 0x1000003ec
(gdb) print check_item->da->vendor
Cannot access memory at address 0x1000003f4
(gdb) print check_item->da->attr
Cannot access memory at address 0x1000003ec
it looks like a bug in src/modules/rlm_preprocess/rlm_preprocess.c but
we're not so sure about the resolution; has anyone encountered/solved
the same issue?
thanks+regards,
duffy
More information about the Freeradius-Users
mailing list