This is a discussion on Re: segmentation fault within the FreeRADIUS Users forums, part of the Networking and Network Related category.
On Apr 1, 2005 11:40 PM, Alan DeKok <aland@ox.org> wrote:
> Larry Riffle <spamtrap47@adelphia.net> wrote:
> > I'm trying to decide if this is just a couple of us doing something
> > wrong or if check_cert_cn is broken.
>
> It might be broken.
>
> > Does anybody have it working on any platform? By "working" I mean when
> > the CN doesn't match your server doesn't crash.
>
> I haven't tested it.
> >
> > 177 radlog(L_INFO, "--> User-Name = %s", handler->identity);
>
> The identity SHOULD NOT be NULL. The rest of the EAP code ensures
> that IF the handler exists, THEN the identity is valid. I'm confused
> by why this is happening at all...
>
> Hmm.... in rlm_eap_tls.c, function eaptls_authenticate(), try adding
> the following code at the top:
>
> ...
> EAP_HANDLER *ssl_handler = SSL_get_ex_data(ssn->ssl, 0);
>
> rad_assert(ssl_handler == handler);
> ...

 */
static int eaptls_authenticate(void *arg UNUSED, EAP_HANDLER *handler)
{
        eaptls_status_t status;
        tls_session_t *tls_session = (tls_session_t *) handler->opaque;
        EAP_HANDLER *ssl_handler = SSL_get_ex_data(tls_session->ssl, 0);

        rad_assert(ssl_handler == handler);

        DEBUG2(" rlm_eap_tls: Authenticate");

Added the code, changed ssn for tls_session, as ssn is not available in this function, no assertion error, coredumps at same place as before.

#0  0x001c75ce in cbtls_verify (ok=1, ctx=0xbfe934b0) at cb.c:177
177             radlog(L_INFO, "--> User-Name = %s", handler->identity);
(gdb) bt
#0  0x001c75ce in cbtls_verify (ok=1, ctx=0xbfe934b0) at cb.c:177
#1  0x035dcc58 in X509_verify_cert () from /lib/libcrypto.so.4
#2  0x035dc1a0 in X509_verify_cert () from /lib/libcrypto.so.4
#3  0x00d6dcc6 in ssl_verify_cert_chain () from /lib/libssl.so.4

> If that assertion fails, then the problem is that the handler is
> getting freed part-way through the SSL session, when it shouldn't be.
>
> A hack to fix it would be to add one line to the top of that function:
>
> SSL_set_ex_data(ssn->ssl, 0, handler);
>
> That SHOULD work around the problem. If so, I'll commit a fix.
>
> Alan DeKok.

Willem Eradus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html