FreeRADIUS/pam_radius

pam_radius_auth.c crash ABRT in talk_radius function

adireddi77 opened this issue · 4 comments

We are using pam_radius 1.4 with CISCO ACS 5.8 and see an intermediate issue of the talk_radius function causing JVM crash. Following is the stack trace from core dump --

#0 0x00007f57cf7b85e5 in raise () from /lib64/libc.so.6
#1 0x00007f57cf7b9dc5 in abort () from /lib64/libc.so.6
#2 0x00007f57cf7f64f7 in __libc_message () from /lib64/libc.so.6
#3 0x00007f57cf8886d7 in __fortify_fail () from /lib64/libc.so.6
#4 0x00007f57cf8886a0 in __stack_chk_fail () from /lib64/libc.so.6
#5 0x00007f536e8d3f66 in talk_radius (conf=Unhandled dwarf expression opcode 0xf3
) at src/pam_radius_auth.c:1015
#6 0x00007f536e8d46dc in pam_sm_authenticate (pamh=0x7f56a0000000, flags=Unhandled dwarf expression opcode 0xf3
) at src/pam_radius_auth.c:1190
#7 0x00007f5374c89cee in ?? () from /lib64/libpam.so.0.82.2
#8 0x00007f5374c89600 in pam_authenticate () from /lib64/libpam.so.0.82.2

We are suspecting stack corruption in talk_radius().

Please try the latest master branch. I believe that the issue is already fixed.

Can you point out the changes that fixes the stack corruption above.

How about trying the new code. That would be faster than asking someone else to do your work for you.

With the master branch I am still seeing this issue where even valid users are not successfully authenticated. Does not seem that the credentials are being even sent. Code seems to hitting the FD size --

java: pam_radius_auth: Got user name xxxxxxxx
java: pam_radius_auth: Unusable socket, FD is larger than 1024
java: pam_radius_auth: Unusable socket, FD is larger than 1024

Is there any way to overcome this issue ?