Bug 210912 - freeradius segfaults when attempting LDAP lookup
freeradius segfaults when attempting LDAP lookup
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: freeradius (Show other bugs)
6
All Linux
medium Severity high
: ---
: ---
Assigned To: Thomas Woerner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-16 11:11 EDT by Matt Bernstein
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-13 06:30:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
output of "radiusd -X" (9.62 KB, text/plain)
2006-10-27 05:55 EDT, Matt Bernstein
no flags Details
strace output of "radiusd -X" (108.03 KB, text/plain)
2006-10-27 05:56 EDT, Matt Bernstein
no flags Details
gzipped core file (468.10 KB, application/x-gzip)
2006-10-27 05:57 EDT, Matt Bernstein
no flags Details
gdb output (4.41 KB, text/plain)
2006-10-27 05:59 EDT, Matt Bernstein
no flags Details

  None (edit)
Description Matt Bernstein 2006-10-16 11:11:12 EDT
Description of problem:

freeradius immediately segfaults when attempting an LDAP lookup.

Version-Release number of selected component (if applicable):

FC5 current and FC6 rawhide

How reproducible:
always

Steps to Reproduce:
1. configure freeradius to "Auth-Type LDAP"
2. start radiusd
3. run radtest
  
Actual results:

segfault

Expected results:

rad_recv: Access-Accept packet (or similar)

Additional info:

Apparently this used to work in FC4. It works in Debian stable, but not in FC5
or FC6.

Googling around suggests similar problems have been caused by .so collisions (eg
radiusd linked against libsasl.so and libldap.so, the latter being linked
against libsasl2.so..). I don't know if this is useful, though.
Comment 1 Matt Bernstein 2006-10-16 11:14:11 EDT
The sasl thing I mentioned was bug 126507.
Comment 2 Matt Bernstein 2006-10-25 12:53:45 EDT
I now can't use the FC4 one as I will need client cert-based EAP-TLS to work and
that causes it to segfault. Will report that against FC6 if the bug persists,
but I can't use any of them now.

It's rather quiet in here--perhaps there's another channel I should be using to
report this bug?
Comment 3 Thomas Woerner 2006-10-25 13:14:39 EDT
Please start the radius server in debug mode (option "-X") and attach the log to
this bugzilla.

Please also get a core dump from the server.
Comment 4 Matt Bernstein 2006-10-27 05:54:37 EDT
gdb says:

Program terminated with signal 11, Segmentation fault.
#0  ldap_set_option (ld=0x558b9640, option=20485, invalue=0x5555558adb80)
    at options.c:358
358                     assert( LDAP_VALID( ld ) );

Attachments to follow..
Comment 5 Matt Bernstein 2006-10-27 05:55:50 EDT
Created attachment 139562 [details]
output of "radiusd -X"
Comment 6 Matt Bernstein 2006-10-27 05:56:45 EDT
Created attachment 139563 [details]
strace output of "radiusd -X"
Comment 7 Matt Bernstein 2006-10-27 05:57:49 EDT
Created attachment 139564 [details]
gzipped core file 

This is on FC6 x86_64.
Comment 8 Matt Bernstein 2006-10-27 05:59:47 EDT
Created attachment 139565 [details]
gdb output

gdb-radiusd.log as suggested in /usr/share/doc/freeradius-1.1.3/bugs. I only
installed the debuginfo RPMs for freeradius and openldap.
Comment 9 Matt Bernstein 2006-11-09 11:52:31 EST
It's now been quiet for almost two weeks. Is anyone working on this bug?
Comment 10 Thomas Woerner 2006-11-09 13:45:14 EST
Maybe there is a interim solution: Rebuild freeradius without PIE support.
Disable pie patch for this.

Is this solving your problem?
Comment 11 Matt Bernstein 2006-11-13 05:03:34 EST
Yes it is under FC6, thanks very much.

I've also built the FC6 SRPM for FC5, though I'm using a modified openldap
install, since we suffer the symptoms of bug 209496 (which has been completely
unanswered, despite a patch from upstream having been supplied). So that works
too, although it's more FC6 than FC5.
Comment 12 Thomas Woerner 2006-11-21 12:53:39 EST
Please have a look at http://people.redhat.com/twoerner/BZ/210912/

This package should fix your problem.
Comment 13 Matt Bernstein 2006-11-22 11:19:49 EST
Yes, it does. Thanks! :)
Comment 14 Matt Bernstein 2006-12-08 08:00:00 EST
More weeks pass.. what happens now?
Comment 15 Thomas Woerner 2006-12-13 06:30:52 EST
Fixed in updates in package freeradius-1.1.3-1.1.

Note You need to log in before you can comment on or make changes to this bug.