3.0.0 detail: suppress now works, but found a SEGV elsewhere

[Arran Cudbard-Bell]

On 7 Jan 2014, at 07:51, Stefan Winter <stefan.winter at restena.lu> wrote:

> Hi,
> 
>>>> And the log files do contain the User-Password attribute.
>>> 
>>> That shouldn't happen
>> 
>> Fixed.
> 
> Umm. In a way, yes. With current SVN (v3.0.x from a few minutes ago), 
> the logs don't contain the User-Password.
> 
> Unfortunately, shortly after detail is done (it logs the packet,
> omits the User-Password), the server crashes with a SEGV.
> 
> Here's the -X log of the moment:
> 
> (0) auth_log_silent : /var/log/radius/radacct/%Y%m%d/%{RESTENA-Service-Type}-service/auth-detail expands to /var/log/radius/radacct/20140107/Staff-IMAP-service/auth-detail
> (0) auth_log_silent :   expand: "%t" -> 'Tue Jan  7 08:43:27 2014'
> (0)   [auth_log_silent] = ok
> (0)   ? if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) 
> (0)     expand: "Staff-IMAP" -> 'Staff-IMAP'
> (0)     expand: "%{RESTENA-Service-Type}" -> 'Staff-IMAP'
> (0)     expand: "96" -> '96'
> (0)     expand: "%{strlen:%{User-Password}}" -> '96'
> (0)   ? if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" )  -> TRUE
> (0)   if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" )  {
> Segmentation fault
> 
> My config for this states:
> 
>        auth_log_silent
>        if ( "%{RESTENA-Service-Type}" == "Staff-IMAP" && "%{strlen:%{User-Password}}" == "96" ) {
>                sql-webmailsso
>        }
> 
> So it crashed before invoking an sql instance? The same worked on 3.0.0.

Yes that doesn't exactly mean much it being C.

I can't reproduce it by calling strlen, could you maybe provide a backtrace?

(1) # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default
(1)   authorize {
(1) detail : 	expand: "/usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" -> '/usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107'
(1) detail : /usr/local/freeradius/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/127.0.0.1/detail-20140107
(1) detail : 	expand: "%t" -> 'Tue Jan  7 11:14:32 2014'
(1)   [detail] = ok
(1)   update control {
(1) 	expand: "%{strlen:%{User-Password}}" -> '3'
(1) 		Tmp-Integer-0 := 3
(1)   } # update control = noop
(1)   ? if ("%{strlen:%{User-Password}}" == "3") 
(1) 	expand: "3" -> '3'
(1) 	expand: "%{strlen:%{User-Password}}" -> '3'
(1)   ? if ("%{strlen:%{User-Password}}" == "3")  -> TRUE
(1)   if ("%{strlen:%{User-Password}}" == "3")  {
(1)    [reject] = reject
(1)   } # if ("%{strlen:%{User-Password}}" == "3")  = reject
(1)  } #  authorize = reject
(1) Using Post-Auth-Type Reject

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140107/4e664ca9/attachment.pgp>