Details
-
Task
-
Resolution: Fixed
-
Minor
-
None
-
None
-
None
Description
Source:
=======
RADSECPROXY 1.6.8 built from source on the very system it is running on.
Today:
======
Jul 25 08:08:31 radius-ext kernel: [1709400.083892] radsecproxy[33620]: segfault at d8 ip 00007f92c6340992 sp 00007f92c7089e20 error 6 in libc-2.24.so[7f92c6257000+1be000]
# LANG=C gdb /usr/local/sbin/radsecproxy core.radsecproxy.109.cc8273172a0648a7bc33bfb321b9c020.33612.1500962911000000000000
...
Core was generated by /usr/local/sbin/radsecproxy'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f92c6340992 in __regexec (preg=preg@entry=0x5571d77e2ef8, string=string@entry=0x7f92b40263d0 "redacted-user-1@charite.de", nmatch=nmatch@entry=0, pmatch=pmatch@entry=0x0,
eflags=eflags@entry=0) at regexec.c:243
243 regexec.c: No such file or directory.
[Current thread is 1 (Thread 0x7f92c708a700 (LWP 33620))]
(gdb) bt full
#0 0x00007f92c6340992 in __regexec (preg=preg@entry=0x5571d77e2ef8, string=string@entry=0x7f92b40263d0 "redacted-user-1@charite.de", nmatch=nmatch@entry=0, pmatch=pmatch@entry=0x0,
eflags=eflags@entry=0) at regexec.c:243
err = <optimized out>
start = 0
length = 26
dfa = <optimized out>
#1 0x00005571d561dd47 in id2realm (realmlist=<optimized out>, id=id@entry=0x7f92b40263d0 "redacted-user-1@charite.de") at radsecproxy.c:760
entry = 0x5571d77e0aa0
realm = 0x5571d77e2ee0
subrealm = <optimized out>
#2 0x00005571d56209b1 in findserver (realm=realm@entry=0x7f92c7089ed8, username=username@entry=0x7f92b400a500, acc=<optimized out>) at radsecproxy.c:1365
srvconf = <optimized out>
subrealm = <optimized out>
server = 0x0
id = 0x7f92b40263d0 "redacted-user-1@charite.de"
#3 0x00005571d5620dce in radsrv (rq=rq@entry=0x7f92b400e4d0) at radsecproxy.c:1527
msg = 0x7f92b4023c90
attr = 0x7f92b400a500
userascii = 0x7f92b4025590 "redacted-user-1@charite.de"
realm = 0x0
to = 0x0
from = 0x7f92b400c210
ttlres = -1
__func__ = "radsrv"
#4 0x00005571d56286e4 in udpserverrd (arg=0x5571d77cba10) at udp.c:286
rq = 0x7f92b400e4d0
sp = 0x5571d77cba10
#5 0x00007f92c66256da in start_thread (arg=0x7f92c708a700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7f92c708a700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140268381185792, -4210390511266064784, 140722861988878, 140722861988879, 140268381186496, 140268381185792, 4230074334553544304, 4230072915383916144},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#6 0x00007f92c635fd7f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
No locals.
(gdb)
Config:
=======
# Master config file for radsecproxy
# Radius UDP Traffic
ListenUDP *:1812
ListenUDP *:1813
# needed for logging of usernames
LogLevel 3
#LogDestination file:///var/log/radsecproxy.log
LogDestination x-syslog:///LOG_LOCAL0
LoopPrevention on
# The simplest configuration you can do is:
tls default {
CACertificatePath /etc/radsecproxy/ca-certificates/
CertificateFile /etc/radsecproxy/radius-ext-cert-with-chain.pem
CertificateKeyFile /etc/radsecproxy/radius-ext-key.pem
}
# Clients
client wireswitch-cbf01 {
host 10.32.35.240
type udp
secret secret_for_internal_switches
}
client wireswitch-cvk01 {
host 10.32.35.241
type udp
secret secret_for_internal_switches
}
client wireswitch-labor {
host 10.32.35.242
type udp
secret secret_for_internal_switches
}
client wireswitch-ccm01 {
host 10.32.35.243
type udp
secret secret_for_internal_switches
}
client wifiswitch05 {
host 10.32.35.244
type udp
secret secret_for_internal_switches
}
client wifiswitch-ent03 {
host 10.32.35.247
type udp
secret secret_for_internal_switches
}
client wifiswitch-ent04 {
host 10.32.35.248
type udp
secret secret_for_internal_switches
}
client nac-wifi-labor {
host 10.32.36.23
type udp
secret secret_for_internal_switches
}
client nac-wifi-01 {
host 10.32.36.24
type udp
secret secret_for_internal_switches
}
client transit {
host 141.42.1.192/26
type udp
secret secret_for_internal_switches
}
client netz-dev2 {
host 10.32.36.250
type udp
secret secret_for_internal_switches
}
client radius-wlan2 {
host 10.32.36.38
type udp
secret secret_for_internal_switches
}
client tlr1 {
host 193.174.75.134
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius1\.dfn|tld1\.eduroam)\.de$/
}
client tlr2 {
host 193.174.75.138
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius2\.dfn|tld2\.eduroam)\.de$/
}
# Servers
server radius-wlan2 {
host radius-wlan2.charite.de
type udp
port 21812
secret secret_for_internal_switches
}
server radius-wlan2-accounting {
host radius-wlan2.charite.de
type udp
port 21813
secret secret_for_internal_switches
}
server tlr1 {
host 193.174.75.134
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius1\.dfn|tld1\.eduroam)\.de$/
StatusServer on
}
server tlr2 {
host 193.174.75.138
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius2\.dfn|tld2\.eduroam)\.de$/
StatusServer on
}
# Unser Realm
realm charite.de {
server radius-wlan2
accountingServer radius-wlan2-accounting
}
realm * {
server tlr1
server tlr2
accountingserver tlr1
accountingserver tlr2
}
OS:
===
# uname -a
Linux radius-ext 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 17.04
Release: 17.04
Codename: zesty
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebrandt@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
[Created via e-mail received from: Ralf.Hildebrandt@charite.de]
=======
RADSECPROXY 1.6.8 built from source on the very system it is running on.
Today:
======
Jul 25 08:08:31 radius-ext kernel: [1709400.083892] radsecproxy[33620]: segfault at d8 ip 00007f92c6340992 sp 00007f92c7089e20 error 6 in libc-2.24.so[7f92c6257000+1be000]
# LANG=C gdb /usr/local/sbin/radsecproxy core.radsecproxy.109.cc8273172a0648a7bc33bfb321b9c020.33612.1500962911000000000000
...
Core was generated by /usr/local/sbin/radsecproxy'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f92c6340992 in __regexec (preg=preg@entry=0x5571d77e2ef8, string=string@entry=0x7f92b40263d0 "redacted-user-1@charite.de", nmatch=nmatch@entry=0, pmatch=pmatch@entry=0x0,
eflags=eflags@entry=0) at regexec.c:243
243 regexec.c: No such file or directory.
[Current thread is 1 (Thread 0x7f92c708a700 (LWP 33620))]
(gdb) bt full
#0 0x00007f92c6340992 in __regexec (preg=preg@entry=0x5571d77e2ef8, string=string@entry=0x7f92b40263d0 "redacted-user-1@charite.de", nmatch=nmatch@entry=0, pmatch=pmatch@entry=0x0,
eflags=eflags@entry=0) at regexec.c:243
err = <optimized out>
start = 0
length = 26
dfa = <optimized out>
#1 0x00005571d561dd47 in id2realm (realmlist=<optimized out>, id=id@entry=0x7f92b40263d0 "redacted-user-1@charite.de") at radsecproxy.c:760
entry = 0x5571d77e0aa0
realm = 0x5571d77e2ee0
subrealm = <optimized out>
#2 0x00005571d56209b1 in findserver (realm=realm@entry=0x7f92c7089ed8, username=username@entry=0x7f92b400a500, acc=<optimized out>) at radsecproxy.c:1365
srvconf = <optimized out>
subrealm = <optimized out>
server = 0x0
id = 0x7f92b40263d0 "redacted-user-1@charite.de"
#3 0x00005571d5620dce in radsrv (rq=rq@entry=0x7f92b400e4d0) at radsecproxy.c:1527
msg = 0x7f92b4023c90
attr = 0x7f92b400a500
userascii = 0x7f92b4025590 "redacted-user-1@charite.de"
realm = 0x0
to = 0x0
from = 0x7f92b400c210
ttlres = -1
__func__ = "radsrv"
#4 0x00005571d56286e4 in udpserverrd (arg=0x5571d77cba10) at udp.c:286
rq = 0x7f92b400e4d0
sp = 0x5571d77cba10
#5 0x00007f92c66256da in start_thread (arg=0x7f92c708a700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7f92c708a700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140268381185792, -4210390511266064784, 140722861988878, 140722861988879, 140268381186496, 140268381185792, 4230074334553544304, 4230072915383916144},
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#6 0x00007f92c635fd7f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
No locals.
(gdb)
Config:
=======
# Master config file for radsecproxy
# Radius UDP Traffic
ListenUDP *:1812
ListenUDP *:1813
# needed for logging of usernames
LogLevel 3
#LogDestination file:///var/log/radsecproxy.log
LogDestination x-syslog:///LOG_LOCAL0
LoopPrevention on
# The simplest configuration you can do is:
tls default {
CACertificatePath /etc/radsecproxy/ca-certificates/
CertificateFile /etc/radsecproxy/radius-ext-cert-with-chain.pem
CertificateKeyFile /etc/radsecproxy/radius-ext-key.pem
}
# Clients
client wireswitch-cbf01 {
host 10.32.35.240
type udp
secret secret_for_internal_switches
}
client wireswitch-cvk01 {
host 10.32.35.241
type udp
secret secret_for_internal_switches
}
client wireswitch-labor {
host 10.32.35.242
type udp
secret secret_for_internal_switches
}
client wireswitch-ccm01 {
host 10.32.35.243
type udp
secret secret_for_internal_switches
}
client wifiswitch05 {
host 10.32.35.244
type udp
secret secret_for_internal_switches
}
client wifiswitch-ent03 {
host 10.32.35.247
type udp
secret secret_for_internal_switches
}
client wifiswitch-ent04 {
host 10.32.35.248
type udp
secret secret_for_internal_switches
}
client nac-wifi-labor {
host 10.32.36.23
type udp
secret secret_for_internal_switches
}
client nac-wifi-01 {
host 10.32.36.24
type udp
secret secret_for_internal_switches
}
client transit {
host 141.42.1.192/26
type udp
secret secret_for_internal_switches
}
client netz-dev2 {
host 10.32.36.250
type udp
secret secret_for_internal_switches
}
client radius-wlan2 {
host 10.32.36.38
type udp
secret secret_for_internal_switches
}
client tlr1 {
host 193.174.75.134
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius1\.dfn|tld1\.eduroam)\.de$/
}
client tlr2 {
host 193.174.75.138
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius2\.dfn|tld2\.eduroam)\.de$/
}
# Servers
server radius-wlan2 {
host radius-wlan2.charite.de
type udp
port 21812
secret secret_for_internal_switches
}
server radius-wlan2-accounting {
host radius-wlan2.charite.de
type udp
port 21813
secret secret_for_internal_switches
}
server tlr1 {
host 193.174.75.134
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius1\.dfn|tld1\.eduroam)\.de$/
StatusServer on
}
server tlr2 {
host 193.174.75.138
type tls
certificatenamecheck off
matchCertificateAttribute CN:/^(radius2\.dfn|tld2\.eduroam)\.de$/
StatusServer on
}
# Unser Realm
realm charite.de {
server radius-wlan2
accountingServer radius-wlan2-accounting
}
realm * {
server tlr1
server tlr2
accountingserver tlr1
accountingserver tlr2
}
OS:
===
# uname -a
Linux radius-ext 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:43 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 17.04
Release: 17.04
Codename: zesty
--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hildebrandt@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
[Created via e-mail received from: Ralf.Hildebrandt@charite.de]