Alan DeKok wrote:

  With a lock bug.  Dang.  I'll get it right one of these days.

Now the server segfaults at the first Access-Request with EAP.

Attached the output from valgrind. (not the whole thing this time :)

 Bjarni Hardarson
==18068==
==18068== Invalid read of size 4
==18068==    at 0x457E7C1: eap_ds_free (mem.c:101)
==18068==    by 0x457EAED: eaplist_find (mem.c:407)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
==18068==  Address 0x46C69F0 is 48 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==
==18068== Invalid read of size 4
==18068==    at 0x457EAEE: eaplist_find (mem.c:408)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
==18068==  Address 0x46C69F4 is 52 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==
==18068== Invalid write of size 4
==18068==    at 0x457EAF1: eaplist_find (mem.c:409)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
==18068==  Address 0x46C69F4 is 52 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==
==18068== Invalid write of size 4
==18068==    at 0x457EAF8: eaplist_find (mem.c:408)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
==18068==  Address 0x46C69F0 is 48 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==
==18068== Invalid read of size 4
==18068==    at 0x457D443: eap_handler (eap.c:1049)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
==18068==  Address 0x46C69EC is 44 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==    by 0x457D3EB: eap_handler (eap.c:993)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==
==18068== Invalid read of size 1
==18068==    at 0x401D47D: strncmp (mac_replace_strmem.c:311)
==18068==    by 0x457D44D: eap_handler (eap.c:1049)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
==18068==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==18068==
==18068== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18068==  Access not within mapped region at address 0x0
==18068==    at 0x401D47D: strncmp (mac_replace_strmem.c:311)
==18068==    by 0x457D44D: eap_handler (eap.c:1049)
==18068==    by 0x457CC37: eap_authenticate (rlm_eap.c:230)
==18068==    by 0x8054C2A: modcall (modcall.c:236)
==18068==    by 0x8055256: call_one (modcall.c:269)
==18068==    by 0x8054E16: modcall (modcall.c:324)
==18068==    by 0x805315D: indexed_modcall (modules.c:469)
==18068==    by 0x804CD1D: rad_check_password (auth.c:367)
==18068==    by 0x804D1C4: rad_authenticate (auth.c:662)
==18068==    by 0x8056284: rad_respond (radiusd.c:1642)
==18068==    by 0x8057E51: main (radiusd.c:1427)
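
A way to read the trace above, as an added triage example that is not part of the original post or of FreeRADIUS: it groups memcheck's invalid accesses by the freed block they land in. The function name `group_by_freed_block` and the shortened `SAMPLE` excerpt (lower stack frames dropped) are this example's own.

```python
import re
from collections import defaultdict

# Shortened excerpt of the memcheck trace above; lower stack frames are omitted.
SAMPLE = """\
==18068== Invalid read of size 4
==18068==    at 0x457E7C1: eap_ds_free (mem.c:101)
==18068==    by 0x457EAED: eaplist_find (mem.c:407)
==18068==  Address 0x46C69F0 is 48 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==
==18068== Invalid write of size 4
==18068==    at 0x457EAF1: eaplist_find (mem.c:409)
==18068==  Address 0x46C69F4 is 52 bytes inside a block of size 80 free'd
==18068==    at 0x401C178: free (vg_replace_malloc.c:235)
==18068==    by 0x457E8BE: eap_handler_free (mem.c:152)
==18068==    by 0x457E975: eaplist_delete_locked (mem.c:283)
==18068==    by 0x457EABE: eaplist_find (mem.c:380)
==18068==
==18068== Invalid read of size 1
==18068==    at 0x401D47D: strncmp (mac_replace_strmem.c:311)
==18068==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

ERR = re.compile(r"Invalid (read|write) of size \d+")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-F]+: (\S+) \((.+?)\)")
ADDR = re.compile(r"Address 0x([0-9A-F]+) is (\d+) bytes inside a block of size (\d+) free'd")

def group_by_freed_block(text):
    """Map (block base, block size, free() call chain) -> [(kind, offset, top access frame)]."""
    groups = defaultdict(list)
    # Drop the "==PID==" prefix; bare separator lines become blank and delimit records.
    stripped = re.sub(r"(?m)^==\d+==[ \t]*", "", text)
    for record in stripped.split("\n\n"):
        err, addr = ERR.search(record), ADDR.search(record)
        if not (err and addr):
            continue  # e.g. the NULL read in strncmp: no freed block to attribute it to
        # Frames before the "Address" line are the access; frames after it are the free().
        access, freed = record[:addr.start()], record[addr.end():]
        offset = int(addr.group(2))
        base = int(addr.group(1), 16) - offset  # start of the freed allocation
        key = (base, int(addr.group(3)), tuple(fn for fn, _ in FRAME.findall(freed)))
        groups[key].append((err.group(1), offset, FRAME.findall(access)[0]))
    return dict(groups)
```

On the excerpt, both use-after-free accesses resolve to a single 80-byte block at 0x46C69C0 that `eap_handler_free` released on the path through `eaplist_find` (mem.c:380), while the final `strncmp` read at address 0x0 has no freed block and is skipped.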