Fix for bug where originating CoA requests causes segfault if proxying is disabled. #1684

Closed
wants to merge 1 commit into
from

Projects

None yet

2 participants

@paterry
paterry commented Aug 23, 2016 edited

If FreeRADIUS 3.0.11 is configured to originate CoA requests in response to certain packets using the following files:

etc/raddb/sites-enabled/default
etc/raddb/sites-enabled/originate-coa
etc/raddb/clients.conf

it will segfault if the following line is present in etc/raddb/radiusd.conf:

proxy_requests = no

In src/main/process.c request_coa_originate() calls insert_into_proxy_hash(), which expects the global variable proxy_list to be initialised. It is initialised in radius_event_start(), but only if main_config.proxy_requests is true.

The patch adds the following configuration parameter:

originate_coa_requests = yes / no

If it is set to 'yes' the proxy_list global will be initialised if the proxy code hasn't already done so. Otherwise CoA requests will not be originated. It defaults to 'yes'.

@alandekok alandekok added a commit that referenced this pull request Aug 23, 2016
@alandekok alandekok Don't originate_coa unless proxy_requests=yes. Fixes #1684 ba3113c
@alandekok
Member

The simpler fix is to disallow originate_coa unless proxy_requests = yes.

Sending CoA packets is proxying. So there's no point in allowing CoA when proxying is disallowed.

There is no problem (security, performance, etc.) when allowing proxy_requests = yes, but never doing proxying.

@alandekok alandekok closed this Aug 23, 2016
@paterry paterry deleted the unknown repository branch Aug 24, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment