segfault in master 3.0.x checking for empty realm
Peter Lambrechtsen
peter at crypt.co.nz
Fri Mar 4 17:34:09 CET 2016
Ran into an interesting issue with my realm code that should have just
given me a reject rather than a segfault.
In my default site I have added to the end the realm:
realm "~.*$" {
}
So that suffix matches every realm as I don't have control over the realm
names and need to perform lookups in the database on the realm.
But if I then try and run suffix with an empty realm and do an if check to see
if it's not a particular realm I get a segfault.
suffix
if ( Realm == "testing" ) {
    reject
}
or
if ( &Realm == "testing" ) {
    reject
}
or
if ( "%{Realm}" == "testing" ) {
    reject
}
I always get the segfault.
(0) Received Access-Request Id 46 from 127.0.0.1:34518 to 127.0.0.1:1812 length 256
(0) User-Password = "1234"
(0) User-Name = "user"
(0) # Executing section authorize from file ./sites-enabled/default
...
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "user", looking up realm NULL
(0) suffix: Found realm "~.*$"
(0) suffix: Adding Stripped-User-Name = "user"
(0) suffix: Adding Realm = "(null)"
(0) suffix: Authentication realm is LOCAL
(0) [suffix] = ok
(0) if ( Realm == "testing" ) {
Segmentation fault
That's a bit of a nasty response really. Granted it's not exactly elegant that I
am doing the lookup in the first place. But I didn't expect a segfault from
that.
I've worked around it by doing a check to make sure the realm isn't empty
first.
if ( !&Realm == "" ) {
    if ( Realm == "testing" ) {
        reject
    }
}
else {
    reject
}
And that drops into the else nicely:
(0) if ( !&Realm == "" ) {
(0) if ( !&Realm == "" ) -> FALSE
(0) else {
(0) [reject] = reject
(0) } # else = reject
(0) } # authorize = reject
Haven't gone looking into the code to see where the issue is yet, but I
will have a look tomorrow.