/freeradius-server

New issue

Segfault with invalid use of %{home_server} #1922

Closed
pauldekkers opened this Issue Feb 24, 2017 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@pauldekkers @alandekok
@pauldekkers

pauldekkers commented Feb 24, 2017

Issue type

  • Defect - Crash or memory corruption.

Defect/Feature description

I shouldn't use it like this, but I guess FreeRADIUS shouldn't crash either ;-)

I was evaluating whether I can see variables from my realm pool or home_server at all in unlang. When I add

pre-proxy {
    "%{home_server}"
}

in my default server, I get a Segmentation Fault

How to reproduce issue

With 3.0.x of today, tried on a Debian machine with ./configure or make deb (doesn't matter):

Add:

pre-proxy {
    "%{home_server}"
}

in the default-server, or %{home_server_pool} for that matter, and a simple proxy.conf:

proxy server {
    default_fallback = no
}

realm DEFAULT {
    pool = REMOTE
    nostrip
}

home_server_pool REMOTE {
    home_server = REMOTE-1
}

home_server REMOTE-1 {
    type = auth+acct
    ipv4addr = 10.0.0.1
    port = 1812
    secret = testing123
    status_check = none
}

What I was after BTW was %{home_server_pool:somevar} which works fine :-) but I tried that later obviously. (Or %{realm:somevar} which appears to be unavailable, confirming from rlm_realm source).

Output of gdb showing issue occurring

(0) Received Access-Request Id 0 from 127.0.0.1:43644 to 127.0.0.1:1812 length 166
(0)   User-Name = "some@remote"
(0)   NAS-IP-Address = 127.0.0.1
(0)   Calling-Station-Id = "02-00-00-00-00-01"
(0)   Framed-MTU = 1400
(0)   NAS-Port-Type = Wireless-802.11
(0)   Connect-Info = "CONNECT 11Mbps 802.11b"
(0)   EAP-Message = 0x02000022017061756c2e64656b6b6572734067756573742e737572666e65742e6e6c
(0)   Message-Authenticator = 0x1fdde7982de764807ace635c665bde3e
(0) # Executing section authorize from file /opt/etc/raddb/sites-enabled/default
(0) # Executing section pre-proxy from file /opt/etc/raddb/sites-enabled/default

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffee41d700 (LWP 12245)]
__strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:29
29      ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S: No such file or directory.
(gdb) bt
#0  __strcmp_sse2_unaligned () at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:29
#1  0x0000000000446fe8 in xlat_home_server (instance=0x0, request=0x968160, fmt=0x0, out=0x7fffe8014590 "", outlen=2048) at src/main/realms.c:237
#2  0x00007ffff7bca8ef in xlat_aprint (ctx=0x968160, request=0x968160, node=0x7fffe8013410, escape=0x0, escape_ctx=0x0, lvl=0) at src/main/xlat.c:2249
#3  0x00007ffff7bcaf57 in xlat_process (out=0x7fffee41bcf0, request=0x968160, head=0x7fffe8013410, escape=0x0, escape_ctx=0x0) at src/main/xlat.c:2431
#4  0x00007ffff7bcb266 in xlat_expand_struct (out=0x7fffee41bd88, outlen=128, request=0x968160, node=0x7fffe8013410, escape=0x0, escape_ctx=0x0) at src/main/xlat.c:2503
#5  0x00007ffff7bcb3f1 in xlat_expand (out=0x7fffee41bd88, outlen=128, request=0x968160, fmt=0x92f730 "%{home_server}", escape=0x0, escape_ctx=0x0) at src/main/xlat.c:2568
#6  0x00007ffff7bcb683 in radius_xlat (out=0x7fffee41be50 "\232\371\311\365\377\177", outlen=128, request=0x968160, fmt=0x92f730 "%{home_server}", escape=0x0, ctx=0x0)
    at src/main/xlat.c:2627
#7  0x000000000042a826 in modcall_recurse (request=0x968160, component=MOD_PRE_PROXY, depth=1, entry=0x7fffee41c9b8, do_next_sibling=true) at src/main/modcall.c:1014
#8  0x0000000000428eb9 in modcall_child (request=0x968160, component=MOD_PRE_PROXY, depth=1, entry=0x7fffee41c9a0, c=0x950010, result=0x7fffee41c894, do_next_sibling=true)
    at src/main/modcall.c:408
#9  0x0000000000429df5 in modcall_recurse (request=0x968160, component=MOD_PRE_PROXY, depth=0, entry=0x7fffee41c9a0, do_next_sibling=true) at src/main/modcall.c:789
#10 0x000000000042ab0c in modcall (component=MOD_PRE_PROXY, c=0x94ff10, request=0x968160) at src/main/modcall.c:1134
#11 0x000000000042632c in indexed_modcall (comp=MOD_PRE_PROXY, idx=0, request=0x968160) at src/main/modules.c:1028
#12 0x00000000004286e6 in process_pre_proxy (type=0, request=0x968160) at src/main/modules.c:2223
#13 0x0000000000440cb2 in request_will_proxy (request=0x968160) at src/main/process.c:3076
#14 0x000000000043d6ee in request_running (request=0x968160, action=1) at src/main/process.c:1542
#15 0x0000000000439368 in request_handler_thread (arg=0x964790) at src/main/threads.c:698
#16 0x00007ffff6488064 in start_thread (arg=0x7fffee41d700) at pthread_create.c:309
#17 0x00007ffff5d3c62d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

@alandekok alandekok added a commit that referenced this issue Feb 24, 2017

@alandekok alandekok fmt may be NULL. Fixes #1922
This commit was signed with a verified signature.
@alandekok alandekok Alan DeKok
GPG key ID: 7D0E79CD77621ECD Learn about signing commits
74d2ecc
@alandekok
Owner

alandekok commented Feb 24, 2017

While it shouldn't crash, that configuration is meaningless and does nothing.

I've pushed a fix.
@pauldekkers

pauldekkers commented Feb 24, 2017

Thanks, that resolves it. I was aware it was a meaningless configuration.

pauldekkers closed this Feb 24, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment