Segmentation fault after [peap] Using saved attributes from the original Access-Accept

tom greisch tom.greisch at yahoo.de
Wed Mar 18 11:55:28 CET 2015 

Hi together,
the first Authentication of a User works fine. If there is a Request for the same User (in a short time intervall) i get the following message "[peap] Using saved attributes from the original Access-Accept". After this Message i get a Segmentation Fault. 


Any Ideas ?



freeradius Version: 2.2.5 (compiled with--with-experimental-modules) 

OS Version: Debian 8 (Jessie)


Output from valgrind:
======================
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
User-Name = "anonymous"
==46641== Invalid read of size 8
==46641==    at 0x4E4B7E5: pairadd (in /usr/lib/freeradius/libfreeradius-radius-020205.so)
==46641==    by 0x7D32618: eaptls_gen_mppe_keys (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7D31257: eaptls_success (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7B26FAB: eaptype_call (eap.c:175)
==46641==    by 0x7B2745D: eaptype_select (eap.c:409)
==46641==    by 0x7B26A8C: eap_authenticate (rlm_eap.c:327)
==46641==    by 0x41C07C: call_modsingle (modcall.c:305)
==46641==    by 0x41C07C: modcall_recurse (modcall.c:579)
==46641==    by 0x41B9C8: modcall_child (modcall.c:423)
==46641==    by 0x41BC68: modcall_recurse (modcall.c:628)
==46641==    by 0x41C819: modcall (modcall.c:877)
==46641==    by 0x41AD29: indexed_modcall (modules.c:750)
==46641==    by 0x40A4EF: rad_check_password (auth.c:382)
==46641==    by 0x40A4EF: rad_authenticate (auth.c:667)
==46641==  Address 0x70 is not stack'd, malloc'd or (recently) free'd
==46641== 
==46641== 
==46641== Process terminating with default action of signal 11 (SIGSEGV)
==46641==  Access not within mapped region at address 0x70
==46641==    at 0x4E4B7E5: pairadd (in /usr/lib/freeradius/libfreeradius-radius-020205.so)
==46641==    by 0x7D32618: eaptls_gen_mppe_keys (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7D31257: eaptls_success (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7B26FAB: eaptype_call (eap.c:175)
==46641==    by 0x7B2745D: eaptype_select (eap.c:409)
==46641==    by 0x7B26A8C: eap_authenticate (rlm_eap.c:327)
==46641==    by 0x41C07C: call_modsingle (modcall.c:305)
==46641==    by 0x41C07C: modcall_recurse (modcall.c:579)
==46641==    by 0x41B9C8: modcall_child (modcall.c:423)
==46641==    by 0x41BC68: modcall_recurse (modcall.c:628)
==46641==    by 0x41C819: modcall (modcall.c:877)
==46641==    by 0x41AD29: indexed_modcall (modules.c:750)
==46641==    by 0x40A4EF: rad_check_password (auth.c:382)
==46641==    by 0x40A4EF: rad_authenticate (auth.c:667)
==46641==  If you believe this happened as a result of a stack
==46641==  overflow in your program's main thread (unlikely but
==46641==  possible), you can try to increase the size of the
==46641==  main thread stack using the --main-stacksize= flag.
==46641==  The main thread stack size used in this run was 8388608.
==46641== 
==46641== HEAP SUMMARY:
==46641==     in use at exit: 2,789,061 bytes in 54,399 blocks
==46641==   total heap usage: 113,115 allocs, 58,716 frees, 7,949,363 bytes allocated
==46641== 
==46641== 312 bytes in 1 blocks are possibly lost in loss record 1,029 of 1,259
==46641==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==46641==    by 0x4E4B496: pairalloc (in /usr/lib/freeradius/libfreeradius-radius-020205.so)
==46641==    by 0x4E4CBBB: pairmake (in /usr/lib/freeradius/libfreeradius-radius-020205.so)
==46641==    by 0x7D32487: ??? (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7D32618: eaptls_gen_mppe_keys (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7D31257: eaptls_success (in /usr/lib/freeradius/libfreeradius-eap-2.2.5.so)
==46641==    by 0x7B26FAB: eaptype_call (eap.c:175)
==46641==    by 0x7B2745D: eaptype_select (eap.c:409)
==46641==    by 0x7B26A8C: eap_authenticate (rlm_eap.c:327)
==46641==    by 0x41C07C: call_modsingle (modcall.c:305)
==46641==    by 0x41C07C: modcall_recurse (modcall.c:579)
==46641==    by 0x41B9C8: modcall_child (modcall.c:423)
==46641==    by 0x41BC68: modcall_recurse (modcall.c:628)
==46641== 
==46641== LEAK SUMMARY:
==46641==    definitely lost: 0 bytes in 0 blocks
==46641==    indirectly lost: 0 bytes in 0 blocks
==46641==      possibly lost: 312 bytes in 1 blocks
==46641==    still reachable: 2,788,749 bytes in 54,398 blocks
==46641==         suppressed: 0 bytes in 0 blocks
==46641== Reachable blocks (those to which a pointer was found) are not shown.
==46641== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==46641== 
==46641== For counts of detected and suppressed errors, rerun with: -v
==46641== Use --track-origins=yes to see where uninitialised values come from
==46641== ERROR SUMMARY: 14864 errors from 597 contexts (suppressed: 0 from 0)
==46641== could not unlink /tmp/vgdb-pipe-from-vgdb-to-46641-by-root-on-???
==46641== could not unlink /tmp/vgdb-pipe-to-vgdb-from-46641-by-root-on-???
==46641== could not unlink /tmp/vgdb-pipe-shared-mem-vgdb-46641-by-root-on-???
Segmentation fault

More information about the Freeradius-Users mailing list