Alan DeKok wrote:
> Nikolas Thoman <[EMAIL PROTECTED]> wrote:
>> Any help in diagnosing the reason why I'm encountering a fault in
>> malloc would be much appreciated.
>
> It usually happens because something else in the code is
> over-writing a buffer, or writing to free'd memory.
>
> Run the server under valgrind to see what's going on. You'll have
> to pass special options to work around the infinite SSL warnings, but
> those warnings can be ignored.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Think I have the same problem. I normally use EAP-PEAP but I couldn't get
the server to segfault in valgrind with that. Think it was OpenSSL that
ground it to a halt. Tried with EAP-MD5 instead and it produced the
"desired" result.

Attached the output from valgrind.

Bjarni Hardarson

==15822== Memcheck, a memory error detector.
==15822== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==15822== Using LibVEX rev 1575, a library for dynamic binary translation.
==15822== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==15822== Using valgrind-3.1.1, a dynamic binary instrumentation framework.
==15822== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==15822==
--15822-- Command line
--15822-- /usr/local/sbin/radiusd
--15822-- -f
--15822-- -i
--15822-- 127.0.0.1
--15822-- Startup, with flags:
--15822-- -v
--15822-- --error-limit=no
--15822-- --leak-check=full
--15822-- --show-reachable=yes
--15822-- --trace-children=yes
--15822-- Contents of /proc/version:
--15822-- Linux version 2.6.5-7.252-smp ([EMAIL PROTECTED]) (gcc version 3.3.3 (SuSE Linux)) #1 SMP Tue Feb 14 11:11:04 UTC 2006
--15822-- Arch and subarch: X86, x86-sse2
--15822-- Valgrind library directory: /usr/local/lib/valgrind
--15822-- Reading syms from /lib/ld-2.3.3.so (0x4000000)
--15822-- Reading syms from /usr/local/sbin/radiusd (0x8048000)
--15822-- Reading syms from /usr/local/lib/valgrind/x86-linux/memcheck (0xB0000000)
--15822-- object doesn't have a dynamic symbol table
--15822-- Reading suppressions file: /usr/local/lib/valgrind/default.supp
--15822-- REDIR: 0x4012CF0 (index) redirected to 0xB001B3CE (vgPlain_x86_linux_REDIR_FOR_index)
--15822-- Reading syms from /usr/local/lib/valgrind/x86-linux/vgpreload_core.so (0x4018000)
--15822-- Reading syms from /usr/local/lib/valgrind/x86-linux/vgpreload_memcheck.so (0x401A000)
--15822-- REDIR: 0x4012E90 (strlen) redirected to 0x401D210 (strlen)
--15822-- Reading syms from /lib/libnsl.so.1 (0x4027000)
--15822-- Reading syms from /lib/libresolv.so.2 (0x403B000)
--15822-- Reading syms from /lib/tls/libpthread.so.0 (0x404E000)
--15822-- Reading syms from /usr/local/lib/libradius-1.1.1.so (0x405E000)
--15822-- Reading syms from /lib/libcrypt.so.1 (0x4074000)
--15822-- Reading syms from /usr/lib/libsnmp.so.5.1.3 (0x40A5000)
--15822-- Reading syms from /usr/lib/libcrypto.so.0.9.7 (0x4142000)
--15822-- Reading syms from /usr/lib/libltdl.so.3.1.0 (0x4232000)
--15822-- Reading syms from /lib/libdl.so.2 (0x423A000)
--15822-- Reading syms from /lib/tls/libc.so.6 (0x423D000)
--15822-- REDIR: 0x4000970 (_dl_sysinfo_int80) redirected to 0xB001B3CB (???)
--15822-- REDIR: 0x42A50D0 (rindex) redirected to 0x401CE70 (rindex)
--15822-- REDIR: 0x42A1980 (malloc) redirected to 0x401B5D2 (malloc)
--15822-- REDIR: 0x42A63F0 (memcpy) redirected to 0x401D550 (memcpy)
--15822-- REDIR: 0x42A4D10 (strlen) redirected to 0x401D1F0 (strlen)
--15822-- REDIR: 0x42A4630 (index) redirected to 0x401CF60 (index)
--15822-- REDIR: 0x429FAA0 (free) redirected to 0x401C0FB (free)
--15822-- REDIR: 0x42A4810 (strcpy) redirected to 0x401D250 (strcpy)
--15822-- REDIR: 0x42A47A0 (strcmp) redirected to 0x401D4C0 (strcmp)
--15822-- REDIR: 0x42A4DC0 (strnlen) redirected to 0x401D1C0 (strnlen)
--15822-- REDIR: 0x42A4480 (strcat) redirected to 0x401CFF0 (strcat)
Wed May 3 22:48:16 2006 : Info: Starting - reading configuration files ...
--15822-- REDIR: 0x42A59D0 (memchr) redirected to 0x401D520 (memchr)
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x4067500: lrad_rand_seed (radius.c:2403)
==15822== by 0x4061E11: my_dict_init (dict.c:890)
==15822== by 0x4062C16: dict_init (dict.c:1111)
==15822== by 0x8051965: read_radius_conf_file (mainconfig.c:1239)
==15822== by 0x80519F9: read_mainconfig (mainconfig.c:1272)
==15822== by 0x805661D: main (radiusd.c:936)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x4067500: lrad_rand_seed (radius.c:2403)
==15822== by 0x4061E11: my_dict_init (dict.c:890)
==15822== by 0x40622A6: my_dict_init (dict.c:930)
==15822== by 0x4062C16: dict_init (dict.c:1111)
==15822== by 0x8051965: read_radius_conf_file (mainconfig.c:1239)
==15822== by 0x80519F9: read_mainconfig (mainconfig.c:1272)
==15822== by 0x805661D: main (radiusd.c:936)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x4067500: lrad_rand_seed (radius.c:2403)
==15822== by 0x4061E11: my_dict_init (dict.c:890)
==15822== by 0x40622A6: my_dict_init (dict.c:930)
==15822== by 0x40622A6: my_dict_init (dict.c:930)
==15822== by 0x4062C16: dict_init (dict.c:1111)
==15822== by 0x8051965: read_radius_conf_file (mainconfig.c:1239)
==15822== by 0x80519F9: read_mainconfig (mainconfig.c:1272)
==15822== by 0x805661D: main (radiusd.c:936)
--15822-- REDIR: 0x42A6C70 (rawmemchr) redirected to 0x401DA70 (rawmemchr)
--15822-- REDIR: 0x42A4F10 (strncmp) redirected to 0x401D460 (strncmp)
--15822-- REDIR: 0x42A5020 (strncpy) redirected to 0x401D320 (strncpy)
--15822-- REDIR: 0x42A6D40 (strchrnul) redirected to 0x401DA50 (strchrnul)
--15822-- REDIR: 0x42A60C0 (stpcpy) redirected to 0x401D720 (stpcpy)
--15822-- REDIR: 0x42A2820 (calloc) redirected to 0x401C8B7 (calloc)
--15822-- Reading syms from /lib/libnss_files.so.2 (0x4560000)
--15822-- REDIR: 0x42A1ED0 (realloc) redirected to 0x401C962 (realloc)
--15822-- Reading syms from /usr/local/lib/rlm_exec-1.1.1.so (0x4020000)
--15822-- REDIR: 0x4013260 (stpcpy) redirected to 0x401D800 (stpcpy)
--15822-- Reading syms from /usr/local/lib/rlm_expr-1.1.1.so (0x4023000)
--15822-- Reading syms from /usr/local/lib/rlm_always-1.1.1.so (0x4025000)
--15822-- Reading syms from /usr/local/lib/rlm_pap-1.1.1.so (0x4558000)
--15822-- Reading syms from /usr/local/lib/rlm_mschap-1.1.1.so (0x4569000)
--15822-- Reading syms from /usr/local/lib/rlm_ldap-1.1.1.so (0x456F000)
--15822-- Reading syms from /usr/lib/libldap_r.so.199.3.24 (0x4582000)
--15822-- Reading syms from /usr/lib/liblber.so.199.3.24 (0x45BB000)
--15822-- Reading syms from /usr/lib/libsasl2.so.2.0.18 (0x45C8000)
--15822-- Reading syms from /usr/lib/libssl.so.0.9.7 (0x45DD000)
--15822-- Reading syms from /usr/local/lib/rlm_eap-1.1.1.so (0x457A000)
--15822-- Reading syms from /usr/local/lib/libeap-1.1.1.so (0x460D000)
--15822-- Reading syms from /usr/local/lib/rlm_eap_leap-1.1.1.so (0x455B000)
--15822-- Reading syms from /usr/local/lib/rlm_eap_md5-1.1.1.so (0x4615000)
--15822-- Reading syms from /usr/local/lib/rlm_eap_tls-1.1.1.so (0x4618000)
--15822-- REDIR: 0x42A5ED0 (memset) redirected to 0x401D9C0 (memset)
--15822-- Reading syms from /usr/local/lib/rlm_eap_ttls-1.1.1.so (0x471C000)
--15822-- Reading syms from /usr/local/lib/rlm_eap_mschapv2-1.1.1.so (0x4721000)
--15822-- Reading syms from /usr/local/lib/rlm_eap_peap-1.1.1.so (0x4724000)
--15822-- Reading syms from /usr/local/lib/rlm_preprocess-1.1.1.so (0x4729000)
--15822-- Reading syms from /usr/local/lib/rlm_detail-1.1.1.so (0x472C000)
--15822-- Reading syms from /usr/local/lib/rlm_files-1.1.1.so (0x472F000)
--15822-- Reading syms from /usr/local/lib/rlm_acct_unique-1.1.1.so (0x4732000)
--15822-- Reading syms from /usr/local/lib/rlm_unix-1.1.1.so (0x4735000)
--15822-- Reading syms from /usr/local/lib/rlm_radutmp-1.1.1.so (0x473A000)
--15822-- REDIR: 0x42A5E60 (memmove) redirected to 0x401D9F0 (memmove)
==15822==
==15822== Thread 8:
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x406765B: lrad_rand (radius.c:2434)
==15822== by 0x457DBD4: generate_state (state.c:126)
==15822== by 0x457D866: eaplist_add (mem.c:183)
==15822== by 0x457BD45: eap_authenticate (rlm_eap.c:365)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x457C24F: eap_handler_cmp (rlm_eap.c:86)
==15822== by 0x406A9D7: rbtree_insert (rbtree.c:253)
==15822== by 0x457D904: eaplist_add (mem.c:217)
==15822== by 0x457BD45: eap_authenticate (rlm_eap.c:365)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x406A9DD: rbtree_insert (rbtree.c:254)
==15822== by 0x457D904: eaplist_add (mem.c:217)
==15822== by 0x457BD45: eap_authenticate (rlm_eap.c:365)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x406A9E7: rbtree_insert (rbtree.c:271)
==15822== by 0x457D904: eaplist_add (mem.c:217)
==15822== by 0x457BD45: eap_authenticate (rlm_eap.c:365)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x457C24F: eap_handler_cmp (rlm_eap.c:86)
==15822== by 0x406AA33: rbtree_insert (rbtree.c:287)
==15822== by 0x457D904: eaplist_add (mem.c:217)
==15822== by 0x457BD45: eap_authenticate (rlm_eap.c:365)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x406AA39: rbtree_insert (rbtree.c:287)
==15822== by 0x457D904: eaplist_add (mem.c:217)
==15822== by 0x457BD45: eap_authenticate (rlm_eap.c:365)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822==
==15822== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==15822== at 0x4058AE8: sendto (in /lib/tls/libpthread.so.0)
==15822== by 0x805600E: rad_respond (radiusd.c:1788)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822== by 0x42F721D: clone (in /lib/tls/libc.so.6)
==15822== by 0x5544BAF: ???
==15822== Address 0x471A644 is 4 bytes inside a block of size 64 alloc'd
==15822== at 0x401B651: malloc (vg_replace_malloc.c:149)
==15822== by 0x4069A05: rad_encode (radius.c:704)
==15822== by 0x406A0EE: rad_send (radius.c:872)
==15822== by 0x805600E: rad_respond (radiusd.c:1788)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822== by 0x42F721D: clone (in /lib/tls/libc.so.6)
==15822== by 0x5544BAF: ???
==15822==
==15822== Thread 5:
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x457C24F: eap_handler_cmp (rlm_eap.c:86)
==15822== by 0x406A35D: rbtree_find (rbtree.c:458)
==15822== by 0x457D68B: eaplist_find (mem.c:306)
==15822== by 0x457C2F7: eap_handler (eap.c:993)
==15822== by 0x457BC11: eap_authenticate (rlm_eap.c:230)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x406A365: rbtree_find (rbtree.c:460)
==15822== by 0x457D68B: eaplist_find (mem.c:306)
==15822== by 0x457C2F7: eap_handler (eap.c:993)
==15822== by 0x457BC11: eap_authenticate (rlm_eap.c:230)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822==
==15822== More than 100 errors detected. Subsequent errors
==15822== will still be recorded, but in less detail than before.
==15822==
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x406A369: rbtree_find (rbtree.c:463)
==15822== by 0x457D68B: eaplist_find (mem.c:306)
==15822== by 0x457C2F7: eap_handler (eap.c:993)
==15822== by 0x457BC11: eap_authenticate (rlm_eap.c:230)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822==
==15822== Thread 1:
==15822== Syscall param socketcall.sendto(msg) points to uninitialised byte(s)
==15822== at 0x4058AE8: sendto (in /lib/tls/libpthread.so.0)
==15822== by 0x8057B52: main (radiusd.c:546)
==15822== Address 0x6A42D2C is 4 bytes inside a block of size 64 alloc'd
==15822== at 0x401B651: malloc (vg_replace_malloc.c:149)
==15822== by 0x4069A05: rad_encode (radius.c:704)
==15822== by 0x406A0EE: rad_send (radius.c:872)
==15822== by 0x805600E: rad_respond (radiusd.c:1788)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822== by 0x42F721D: clone (in /lib/tls/libc.so.6)
==15822== by 0x4B3FBAF: ???
==15822==
==15822== Thread 24:
==15822== Invalid write of size 4
==15822== at 0x457D797: eaplist_find (mem.c:332)
==15822== by 0x457C2F7: eap_handler (eap.c:993)
==15822== by 0x457BC11: eap_authenticate (rlm_eap.c:230)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822== Address 0x5A17BEC is 4 bytes inside a block of size 72 free'd
==15822== at 0x401C178: free (vg_replace_malloc.c:235)
==15822== by 0x457D564: eap_handler_free (mem.c:142)
==15822== by 0x457BF3E: eap_authenticate (rlm_eap.c:268)
==15822== by 0x8054775: modcall (modcall.c:236)
==15822== by 0x8054CF8: call_one (modcall.c:269)
==15822== by 0x80549B9: modcall (modcall.c:324)
==15822== by 0x8052D6F: indexed_modcall (modules.c:469)
==15822== by 0x804CC27: rad_check_password (auth.c:367)
==15822== by 0x804D16B: rad_authenticate (auth.c:662)
==15822== by 0x8055D05: rad_respond (radiusd.c:1642)
==15822== by 0x805C5B6: request_handler_thread (threads.c:517)
==15822== by 0x4053CB6: start_thread (in /lib/tls/libpthread.so.0)
==15822==
==15822== Thread 1:
==15822== Invalid read of size 4
==15822== at 0x8058536: request_cmp (request_list.c:175)
==15822== by 0x406A35D: rbtree_find (rbtree.c:458)
==15822== by 0x8058FCE: rl_delete (request_list.c:472)
==15822== by 0x80591F9: refresh_request (request_list.c:1052)
==15822== by 0x80597BE: rl_clean_list (request_list.c:1402)
==15822== by 0x80573B3: main (radiusd.c:1462)
==15822== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==15822==
==15822== Process terminating with default action of signal 11 (SIGSEGV)
==15822== Access not within mapped region at address 0x0
==15822== at 0x8058536: request_cmp (request_list.c:175)
==15822== by 0x406A35D: rbtree_find (rbtree.c:458)
==15822== by 0x8058FCE: rl_delete (request_list.c:472)
==15822== by 0x80591F9: refresh_request (request_list.c:1052)
==15822== by 0x80597BE: rl_clean_list (request_list.c:1402)
==15822== by 0x80573B3: main (radiusd.c:1462)
--15822-- discard syms at 0x4560000-0x4569000 in /lib/libnss_files.so.2 due to munmap()
==15822==
==15822== ERROR SUMMARY: 385659 errors from 104 contexts (suppressed: 79 from 2)
==15822==
==15822== 1 errors in context 1 of 104:
==15822== Invalid read of size 4
==15822== at 0x8058536: request_cmp (request_list.c:175)
==15822== by 0x406A35D: rbtree_find (rbtree.c:458)
==15822== by 0x8058FCE: rl_delete (request_list.c:472)
==15822== by 0x80591F9: refresh_request (request_list.c:1052)
==15822== by 0x80597BE: rl_clean_list (request_list.c:1402)
==15822== by 0x80573B3: main (radiusd.c:1462)
==15822== Address 0x0 is not stack'd, malloc'd or (recently) free'd
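
A triage pass over memcheck output like the trace above, added here as an example (not part of the original post and not FreeRADIUS code): it separates the invalid accesses that can corrupt the heap, with the site that freed the block, from the far more numerous uninitialised-value reports. The sample input is constructed by abridging three records of the trace, and the names `parse_memcheck` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three records abridged from the trace above.
SAMPLE = """\
==15822== Conditional jump or move depends on uninitialised value(s)
==15822== at 0x457C24F: eap_handler_cmp (rlm_eap.c:86)
==15822==
==15822== Thread 24:
==15822== Invalid write of size 4
==15822== at 0x457D797: eaplist_find (mem.c:332)
==15822== by 0x457C2F7: eap_handler (eap.c:993)
==15822== Address 0x5A17BEC is 4 bytes inside a block of size 72 free'd
==15822== at 0x401C178: free (vg_replace_malloc.c:235)
==15822== by 0x457D564: eap_handler_free (mem.c:142)
==15822==
==15822== Invalid read of size 4
==15822== at 0x8058536: request_cmp (request_list.c:175)
==15822== Address 0x0 is not stack'd, malloc'd or (recently) free'd
"""

PREFIX = re.compile(r"^==\d+== ?")
HEADLINE = re.compile(r"^(Invalid (read|write)|Conditional jump|Syscall param|Use of uninit)")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
BLOCK = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) (free'd|alloc'd)")
NULLPTR = re.compile(r"^Address 0x0 is not stack'd")

def parse_memcheck(text):
    """Split memcheck output into records: access stack plus block origin stack."""
    records, cur = [], None
    for raw in text.splitlines():
        if not PREFIX.match(raw):
            continue  # server log lines and --pid-- verbose lines
        line = PREFIX.sub("", raw).strip()
        if HEADLINE.match(line):
            cur = {"kind": line, "stack": [], "block": None, "block_stack": []}
            records.append(cur)
        elif cur is None:
            continue  # thread banners, summaries, signal notices
        elif not line:
            cur = None  # a bare ==pid== line ends the record
        elif m := BLOCK.match(line):
            cur["block"] = {"size": int(m[2]), "state": m[3]}
        elif NULLPTR.match(line):
            cur["block"] = {"size": 0, "state": "null"}
        elif m := FRAME.match(line):
            # Frames after the Address line say where the block was freed or allocated.
            cur["block_stack" if cur["block"] else "stack"].append(f"{m[1]} ({m[2]})")
    return records

def triage(records):
    """Separate heap-corrupting accesses from uninitialised-value reports."""
    bad = [r for r in records
           if r["kind"].startswith("Invalid") and r["block"] and r["stack"]]
    uaf = [{"access": r["kind"], "site": r["stack"][0], "block_size": r["block"]["size"],
            "freed_by": next((f for f in r["block_stack"] if "vg_replace_malloc" not in f), None)}
           for r in bad if r["block"]["state"] == "free'd"]
    return {"counts": Counter(r["kind"].split(" of size")[0] for r in records),
            "use_after_free": uaf,
            "null_deref": [r["stack"][0] for r in bad if r["block"]["state"] == "null"]}

if __name__ == "__main__":
    print(triage(parse_memcheck(SAMPLE)))
```

On a complete memcheck log the per-context listing after `ERROR SUMMARY` repeats records already seen, so the same site can appear more than once in the result.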