FreeRADIUS Version 0.8.1 (FreeBSD 5.0)
openssl-SNAP-20030325
Enterasys R2 AP
WindowsXP Supplicant

Hi,

I ran into a problem with sending out the eaptls_success on FreeBSD.
I got a core dump during an eaptls_compose in the file
${freeradius-0.8.1}/src/modules/rlm_eap/types/rlm_eap_tls/eap_tls.c
called from eaptls_success according to the radius debug and a stack 
trace:

>rad_recv: Access-Request packet from host xxx.xxx.xxx.x:1343, id=187, length=142
>        Message-Authenticator = 0xef6ef7f16f408a525c8334d5bba244d1
>        User-Name = "Administrator"
>        State = 0x033dca3d049c26e699531ec3153cdbf90fb7833ebd6278e07924ae84f0a0fec3eb42bf56
>        NAS-IP-Address = xxx.xxx.xxx.x
>        NAS-Port = 2
>        NAS-Port-Type = Wireless-802.11
>        Calling-Station-Id = "00-02-2d-6a-f0-05"
>        Framed-MTU = 1000
>        EAP-Message = "\002\007\000\006\r"
>modcall: entering group authorize
>  modcall[authorize]: module "preprocess" returns ok
>  modcall[authorize]: module "eap" returns updated
>    rlm_realm: No '@' in User-Name = "Administrator", looking up realm NULL
>    rlm_realm: No such realm NULL
>  modcall[authorize]: module "suffix" returns noop
>    users: Matched Administrator at 55
>  modcall[authorize]: module "files" returns ok
>modcall: group authorize returns updated
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate
>rlm_eap: Request found, released from the list
>rlm_eap: EAP_TYPE - tls
>rlm_eap: processing type tls
>rlm_eap_tls: Received EAP-TLS ACK message
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>Breakpoint 5, eaptls_compose (eap_ds=0x80e0920, reply=0xbfbfdaf0) at eap_tls.c:511
>511             *ptr++ = (uint8_t)(reply->flags & 0xFF);
>(gdb) continue
>Continuing.

>Program received signal SIGSEGV, Segmentation fault.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>0x282c5c8f in eaptls_compose (eap_ds=0x80e0920, reply=0xbfbfdaf0) at eap_tls.c:511
>511             *ptr++ = (uint8_t)(reply->flags & 0xFF);
>(gdb)

>(gdb) bt
>#0  eaptls_compose (eap_ds=0x80e0870, reply=0xbfbfdaf0) at eap_tls.c:511
>#1  0x282c56d4 in eaptls_success (eap_ds=0x80e0870) at eap_tls.c:108
>#2  0x282c58ea in eaptls_ack_handler (handler=0x80e2100) at eap_tls.c:232
>#3  0x282c54f1 in eaptls_authenticate (arg=0x80e0390, handler=0x80e2100) at rlm_eap_tls.c:192
>#4  0x282bfd38 in eaptype_call (eap_type=13, action=INITIATE, type_list=0x80712c0,
>    handler=0x80e2100) at eap.c:205
>#5  0x282bfe73 in eaptype_select (type_list=0x80712c0, handler=0x80e2100, conftype=0x8077420 "tls")
>    at eap.c:280
>#6  0x282bf7f8 in eap_authenticate (instance=0x80e03b0, request=0x80e8500) at rlm_eap.c:200
>#7  0x08054718 in module_post_auth ()
>#8  0x080547cb in modcall ()
>#9  0x08054751 in module_post_auth ()
>#10 0x0805482c in modcall ()
>#11 0x080543df in module_authenticate ()
>#12 0x080516ec in rad_check_password ()
>#13 0x08051aaa in rad_authenticate ()
>#14 0x0804ce6f in rad_respond ()
>#15 0x0804ca19 in rad_process ()
>#16 0x0804c5b9 in main ()
>#17 0x0804b885 in _start ()

The malloc() in eap_tls.c:501 behaves differently on FreeBSD 5.0 than on
Linux (RH 8.0) when (reply->length - TLS_HEADER_LEN) is zero. Under
FreeBSD I end up with a bad address, thus a segmentation fault.

>(gdb) print eap_ds->request->type.data
>$4 = (unsigned char *) 0x800 <Error reading address 0x800: Bad address>
>(gdb)

>radius1# uname -a
>FreeBSD radius1.cldc.howard.edu 5.0-RELEASE FreeBSD 5.0-RELEASE #0: Thu Jan 16 22:16:53 GMT 2003 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC  i386
>radius1#

>radius1# gcc -v
>Using built-in specs.
>Configured with: FreeBSD/i386 system compiler
>Thread model: posix
>gcc version 3.2.1 [FreeBSD] 20021119 (release)
>radius1#

This seems to be the problem so far. Does there exist a patch or an
update to this particular problem with malloc() with FreeBSD?

rgrds
George
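
The failure mode described in the message above, as an added example that is not part of the original post and not FreeRADIUS code: C leaves the result of malloc(0) implementation-defined (NULL or a pointer that must not be dereferenced), so a buffer that always receives a flags byte must request that byte explicitly. The struct names, the function name, the value of TLS_HEADER_LEN and the meaning of `length` (header plus payload) are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define TLS_HEADER_LEN 4        /* assumed value for this sketch */

/* Hypothetical stand-ins for the reply and EAP type-data structures. */
struct tls_reply {
    unsigned int   length;      /* assumed: header plus payload bytes */
    uint8_t        flags;
    const uint8_t *data;        /* payload, may be NULL when there is none */
};

struct type_data {
    uint8_t *data;
    size_t   length;
};

/*
 * Build "flags byte + payload". Returns 0 on success, -1 on a bad length
 * or allocation failure; on failure out->data is NULL and nothing is written.
 */
int compose_type_data(struct type_data *out, const struct tls_reply *reply)
{
    size_t body, need;

    out->data = NULL;
    out->length = 0;

    /* Unsigned subtraction would wrap to a huge size if length is short. */
    if (reply->length < TLS_HEADER_LEN)
        return -1;
    body = (size_t)reply->length - TLS_HEADER_LEN;   /* 0 for a bare ACK */
    if (body > 0 && reply->data == NULL)
        return -1;

    /* One byte is written unconditionally, so request it explicitly:
     * the size is never 0 and malloc(0) semantics never come into play. */
    need = body + 1;
    out->data = malloc(need);
    if (out->data == NULL)
        return -1;

    out->data[0] = (uint8_t)(reply->flags & 0xFF);
    if (body > 0)
        memcpy(out->data + 1, reply->data, body);
    out->length = need;
    return 0;
}
```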






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
