Closed CryptoproctaX closed 1 year ago
Please provide a backtrace as documented in doc/bugs. We can't reproduce this here, so it's difficult to know what's going on in your system.
Just to be clear: if we don't get a gdb
back trace, we will close this bug in a few weeks as "unverified".
No one else is running into this issue. So it's either a very weird bug, or there's something broken on your system.
The only way for us to fix the bug is for you to provide a gdb
back trace. So if you want the bug fixed, do that.
According to the wiki, last night I built v3.2.1 with the "--enable-developer" flag from source to be able to generate the backtrace. I did this on the same system as the previous tests with the package versions.
In the config files of the build-from-source variant (in /usr/local/etc/raddb/) I made exactly the same changes as in the config files of the package variant (in /etc/freeradius) and used the same certificates.
I started the build-from-source variant (/usr/local/sbin/radiusd) and tested if the error happens there too. No, the error does not occur.
I then tested the package variant (/usr/sbin/freeradius) again as a cross check. here the error still occurs.
now it gets crazy:
I just wanted to try if I can create the gdb trace also with the package variant. I started freeradius under gdb and was surprised to see that the error does not occur. The authentication works.
Afterwards I did a cross check and started freeradius without gdb and everything is as before. the error occurs, the application is crashing.
root@vsrv-dus6-rad01:~# gdb freeradius
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from freeradius...
(No debugging symbols found in freeradius)
(gdb) run -xfl stdout
Starting program: /usr/sbin/freeradius -xfl stdout
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
FreeRADIUS Version 3.2.1
Copyright (C) 1999-2022 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
[Detaching after fork from child process 54318]
Starting - reading configuration files ...
Found debugger attached
systemd watchdog is disabled
Creating attribute Unix-Group
rlm_mschap (mschap): using internal authentication
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
tls: Using cached TLS configuration from previous invocation
tls: Using cached TLS configuration from previous invocation
Compiling Auth-Type PAP for attr Auth-Type
Compiling Auth-Type CHAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
Compiling Autz-Type New-TLS-Connection for attr Autz-Type
Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
Compiling Auth-Type PAP for attr Auth-Type
Compiling Auth-Type CHAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/sites-enabled/inner-tunnel:336
Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
[New Thread 0x7ffff2a3b640 (LWP 54319)]
[New Thread 0x7ffff223a640 (LWP 54320)]
[New Thread 0x7ffff1a39640 (LWP 54321)]
[New Thread 0x7ffff1238640 (LWP 54322)]
[New Thread 0x7ffff0a37640 (LWP 54323)]
radiusd: #### Opening IP addresses and Ports ####
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 42623
Listening on proxy address :: port 38677
Ready to process requests
Waking up in 0.3 seconds.
(0) Received Access-Request Id 29 from 192.168.3.12:43076 to 192.168.20.91:1812 length 238
(0) User-Name = "daniel.niewerth"
(0) NAS-IP-Address = 192.168.3.12
(0) NAS-Identifier = "fa9fc2f59ae7"
(0) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(0) Connect-Info = "CONNECT 0Mbps 802.11b"
(0) Acct-Session-Id = "AED6D178A0EAEF80"
(0) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027076
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message = 0x02ec00140164616e69656c2e6e69657765727468
(0) Message-Authenticator = 0x6a893394b863bcfcefdaec705b9e595d
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) eap: EAP session adding &reply:State = 0xe8801569e86d11fa
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Sent Access-Challenge Id 29 from 192.168.20.91:1812 to 192.168.3.12:43076 length 80
(0) EAP-Message = 0x01ed001604102205e61abd48fb6934b611978671f29f
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xe8801569e86d11fa559e600794b363d7
Waking up in 0.2 seconds.
(1) Received Access-Request Id 30 from 192.168.3.12:43076 to 192.168.20.91:1812 length 242
(1) User-Name = "daniel.niewerth"
(1) NAS-IP-Address = 192.168.3.12
(1) NAS-Identifier = "fa9fc2f59ae7"
(1) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(1) Connect-Info = "CONNECT 0Mbps 802.11b"
(1) Acct-Session-Id = "AED6D178A0EAEF80"
(1) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x02ed0006030d
(1) State = 0xe8801569e86d11fa559e600794b363d7
(1) Message-Authenticator = 0xb504a4debb688c834298366951ebfe2f
(1) # Executing section authorize from file /etc/freeradius/sites-enabled/default
Not doing PAP as Auth-Type is already set.
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) eap: Expiring EAP session with state 0xe8801569e86d11fa
(1) eap: Finished EAP session with state 0xe8801569e86d11fa
(1) eap: Previous EAP request found for state 0xe8801569e86d11fa, released from the list
(1) eap: Found mutually acceptable type TLS (13)
(1) eap: EAP session adding &reply:State = 0xe8801569e96e18fa
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) Framed-MTU = 994
(1) Sent Access-Challenge Id 30 from 192.168.20.91:1812 to 192.168.3.12:43076 length 81
(1) Tunnel-Type = VLAN
(1) Tunnel-Medium-Type = IEEE-802
(1) Tunnel-Private-Group-Id = "200"
(1) EAP-Message = 0x01ee00060d20
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xe8801569e96e18fa559e600794b363d7
Waking up in 0.2 seconds.
(2) Received Access-Request Id 31 from 192.168.3.12:43076 to 192.168.20.91:1812 length 397
(2) User-Name = "daniel.niewerth"
(2) NAS-IP-Address = 192.168.3.12
(2) NAS-Identifier = "fa9fc2f59ae7"
(2) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(2) Connect-Info = "CONNECT 0Mbps 802.11b"
(2) Acct-Session-Id = "AED6D178A0EAEF80"
(2) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message = 0x02ee00a10d800000009716030100920100008e030363ade078022b3affeb3efec509e3fbcb0c782a2f8cb3363e018dcdc40ae6aef100002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000
(2) State = 0xe8801569e96e18fa559e600794b363d7
(2) Message-Authenticator = 0x14c84f86f7ccc06ee027f3da6fc7d5bc
(2) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) eap: Expiring EAP session with state 0xe8801569e96e18fa
(2) eap: Finished EAP session with state 0xe8801569e96e18fa
(2) eap: Previous EAP request found for state 0xe8801569e96e18fa, released from the list
(2) eap: EAP session adding &reply:State = 0xe8801569ea6f18fa
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) Framed-MTU = 994
(2) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, CertificateRequest"
(2) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
(2) Sent Access-Challenge Id 31 from 192.168.20.91:1812 to 192.168.3.12:43076 length 1085
(2) Tunnel-Type = VLAN
(2) Tunnel-Medium-Type = IEEE-802
(2) Tunnel-Private-Group-Id = "200"
(2) EAP-Message = 0x01ef03ec0dc000001300160303003d020000390303c7b7490e70ea37919461ad9d1dd026ca3f37701e2df1e598d2a54137a3efd9a700c02c000011ff01000100000b0004030001020017000016030310630b00105f00105c00030d308203093082028ea0030201020214267bddb6183d47bbe3ca532716a4e5262ba14cbf300a06082a8648ce3d04030230633120301e06035504030c17415333343933362045434320497373756520434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b3009060355040613024445301e170d3232313232373230343233355a170d3234313232363230343233345a3081dd311c301a06092a864886f70d0109080c0d3139322e3136382e32302e39313135303306092a864886f70d0109020c26767372762d647573362d72616430312e7072642e6475732e64652e617333343933362e6e6574312f302d06035504030c26767372762d
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xe8801569ea6f18fa559e600794b363d7
Waking up in 0.2 seconds.
(3) Received Access-Request Id 32 from 192.168.3.12:43076 to 192.168.20.91:1812 length 242
(3) User-Name = "daniel.niewerth"
(3) NAS-IP-Address = 192.168.3.12
(3) NAS-Identifier = "fa9fc2f59ae7"
(3) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(3) Connect-Info = "CONNECT 0Mbps 802.11b"
(3) Acct-Session-Id = "AED6D178A0EAEF80"
(3) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x02ef00060d00
(3) State = 0xe8801569ea6f18fa559e600794b363d7
(3) Message-Authenticator = 0x878639b8e4fb23b7552197f28c7dfa8e
(3) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) eap: Expiring EAP session with state 0xe8801569ea6f18fa
(3) eap: Finished EAP session with state 0xe8801569ea6f18fa
(3) eap: Previous EAP request found for state 0xe8801569ea6f18fa, released from the list
(3) eap: EAP session adding &reply:State = 0xe8801569eb7018fa
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) Framed-MTU = 994
(3) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, CertificateRequest"
(3) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
(3) Sent Access-Challenge Id 32 from 192.168.20.91:1812 to 192.168.3.12:43076 length 1085
(3) Tunnel-Type = VLAN
(3) Tunnel-Medium-Type = IEEE-802
(3) Tunnel-Private-Group-Id = "200"
(3) EAP-Message = 0x01f003ec0dc00000130065696e2d5765737466616c656e310b3009060355040613024445301e170d3232313232353139343935335a170d3237313232343139343935325a30633120301e06035504030c17415333343933362045434320497373756520434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b30090603550406130244453076301006072a8648ce3d020106052b8104002203620004c5e19be88e22a34f8bbbf300b4f2bb62d7f6374faf0bed316dc821305c918bad130c40ea0e44020b6b9f52cda519c8888e5729d00f3df059827209d1fcd728c816867279ee27c741c8401c3e6c4dc6318b791a8ced92cf97da999a82c340a6bda38202a33082029f300f0603551d130101ff040530030101ff301f0603551d230418301680143cb810f22b53a270cc8887f5182e9d46088c5487304f06082b0601050507010104433041303f06082b06010505073001
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xe8801569eb7018fa559e600794b363d7
(4) Received Access-Request Id 33 from 192.168.3.12:43076 to 192.168.20.91:1812 length 242
(4) User-Name = "daniel.niewerth"
(4) NAS-IP-Address = 192.168.3.12
(4) NAS-Identifier = "fa9fc2f59ae7"
(4) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(4) Connect-Info = "CONNECT 0Mbps 802.11b"
(4) Acct-Session-Id = "AED6D178A0EAEF80"
(4) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027076
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x02f000060d00
Waking up in 0.1 seconds.
(4) State = 0xe8801569eb7018fa559e600794b363d7
(4) Message-Authenticator = 0x00ae97047c7e4d306f9dcdacf92a5c6e
(4) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) eap: Expiring EAP session with state 0xe8801569eb7018fa
(4) eap: Finished EAP session with state 0xe8801569eb7018fa
(4) eap: Previous EAP request found for state 0xe8801569eb7018fa, released from the list
(4) eap: EAP session adding &reply:State = 0xe8801569ec7118fa
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) Framed-MTU = 994
(4) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, CertificateRequest"
(4) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
(4) Sent Access-Challenge Id 33 from 192.168.20.91:1812 to 192.168.3.12:43076 length 1085
(4) Tunnel-Type = VLAN
(4) Tunnel-Medium-Type = IEEE-802
(4) Tunnel-Private-Group-Id = "200"
(4) EAP-Message = 0x01f103ec0dc000001300121d45c14900d6d5fa21b4fad194b1779ca2b35e02ae74fa101915dc131f86023100ae3421759119ce02dd265d9d783c409730af3cc843871b7b350096553c9c91950f0f2662e658adcd5386e62f0442048500044b30820447308203cda00302010202146d9693e7790784d0b18d769b31500ec42131b400300a06082a8648ce3d0403023062311f301d06035504030c16415333343933362045434320526f6f7420434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b3009060355040613024445301e170d3232313232353139343033395a170d3332313232323139343033385a306a3127302506035504030c1e415333343933362045434320496e7465726d65646961746520434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b30090603
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xe8801569ec7118fa559e600794b363d7
Waking up in 0.1 seconds.
(5) Received Access-Request Id 34 from 192.168.3.12:43076 to 192.168.20.91:1812 length 242
(5) User-Name = "daniel.niewerth"
(5) NAS-IP-Address = 192.168.3.12
(5) NAS-Identifier = "fa9fc2f59ae7"
(5) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(5) Connect-Info = "CONNECT 0Mbps 802.11b"
(5) Acct-Session-Id = "AED6D178A0EAEF80"
(5) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027076
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message = 0x02f100060d00
(5) State = 0xe8801569ec7118fa559e600794b363d7
(5) Message-Authenticator = 0x31990bc261400e894be7b31ade8bb281
(5) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) eap: Expiring EAP session with state 0xe8801569ec7118fa
(5) eap: Finished EAP session with state 0xe8801569ec7118fa
(5) eap: Previous EAP request found for state 0xe8801569ec7118fa, released from the list
(5) eap: EAP session adding &reply:State = 0xe8801569ed7218fa
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) Framed-MTU = 994
(5) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(5) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(5) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(5) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, CertificateRequest"
(5) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
(5) Sent Access-Challenge Id 34 from 192.168.20.91:1812 to 192.168.3.12:43076 length 1085
(5) Tunnel-Type = VLAN
(5) Tunnel-Medium-Type = IEEE-802
(5) Tunnel-Private-Group-Id = "200"
(5) EAP-Message = 0x01f203ec0dc000001300696e2d5765737466616c656e310b3009060355040613024445301d0603551d0e041604143cb810f22b53a270cc8887f5182e9d46088c5487300e0603551d0f0101ff040403020186300a06082a8648ce3d0403020368003065023062564868059fa64a19162940b636a3099db4c74ea1979039d01e03b578403351121b9e8d69f5bcb8d39d5cd91bd3e8e9023100f0e6b3fa7502c262eeb77779cce6c4952d64d17058c22083999c346696174d631f3904b6d0e2b036232b2cef4495cb1e0004433082043f308203c5a00302010202142721b58c0ec977454067689d9bfb5160731fbe70300a06082a8648ce3d0403023062311f301d06035504030c16415333343933362045434320526f6f7420434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b3009060355040613024445301e170d3232313232353135333230375a170d343731323139
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xe8801569ed7218fa559e600794b363d7
(6) Received Access-Request Id 35 from 192.168.3.12:43076 to 192.168.20.91:1812 length 242
(6) User-Name = "daniel.niewerth"
(6) NAS-IP-Address = 192.168.3.12
(6) NAS-Identifier = "fa9fc2f59ae7"
(6) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(6) Connect-Info = "CONNECT 0Mbps 802.11b"
(6) Acct-Session-Id = "AED6D178A0EAEF80"
(6) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027076
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message = 0x02f200060d00
(6) State = 0xe8801569ed7218fa559e600794b363d7
(6) Message-Authenticator = 0x374d1672a0b0bc8611720ea1bded1700
(6) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) eap: Expiring EAP session with state 0xe8801569ed7218fa
(6) eap: Finished EAP session with state 0xe8801569ed7218fa
(6) eap: Previous EAP request found for state 0xe8801569ed7218fa, released from the list
(6) eap: EAP session adding &reply:State = 0xe8801569ee7318fa
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) Framed-MTU = 994
(6) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(6) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(6) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(6) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, CertificateRequest"
(6) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
(6) Sent Access-Challenge Id 35 from 192.168.20.91:1812 to 192.168.3.12:43076 length 979
(6) Tunnel-Type = VLAN
(6) Tunnel-Medium-Type = IEEE-802
(6) Tunnel-Private-Group-Id = "200"
(6) EAP-Message = 0x01f303820d8000001300696e2d5765737466616c656e253243432533444445a266a4643062311f301d06035504030c16415333343933362045434320526f6f7420434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b3009060355040613024445301d0603551d0e04160414ee40f58463599e9d3edeb2adeef95b253b70c61a300e0603551d0f0101ff040403020186300a06082a8648ce3d040302036800306502304d6fdf9a7ebdb0530b66964cda674d78d535aee37404075504a3bcc8c20d3ef77126736a306b017eb85098830254a4a2023100bd5027203964139850d847e23bc22a9a7f84b73d891eb1ac37f5e225ff98c8d67ec089b35ec6a44d87f38f5c440198f816030300d40c0000d00300186104f448e4e09b848393e6f0dbedfd066c61a5b8bd8eb0b7e42675c43f8dd1f1f2e54ded747fe20c61837a9db45e3b03545d59a8e07fdc1643b8b37e2adc5b
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0xe8801569ee7318fa559e600794b363d7
Waking up in 0.1 seconds.
(7) Received Access-Request Id 36 from 192.168.3.12:43076 to 192.168.20.91:1812 length 1207
(7) User-Name = "daniel.niewerth"
(7) NAS-IP-Address = 192.168.3.12
(7) NAS-Identifier = "fa9fc2f59ae7"
(7) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(7) Connect-Info = "CONNECT 0Mbps 802.11b"
(7) Acct-Session-Id = "AED6D178A0EAEF80"
(7) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027076
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message = 0x02f303c50d80000003bb16030302a50b0002a100029e00029b308202973082021da003020102021413b821bfca7511be4b4ad55b885271d35221dbf5300a06082a8648ce3d04030230633120301e06035504030c17415333343933362045434320497373756520434120583131143012060355040a0c0b415333343933362e6e6574311c301a06035504080c134e6f7264726865696e2d5765737466616c656e310b3009060355040613024445301e170d3232313232373231343535365a170d3234313232363231343535355a30763118301606035504030c0f64616e69656c2e6e69657765727468310f300d060355042a0c0644616e69656c3111300f06035504040c084e6965776572746831143012060355040a0c0b415333343933362e6e65743113301106035504070c0a4f62657268617573656e310b30090603550406130244453076301006072a8648ce3d020106052b810400220362000400ce2b90551ab2a7569807cef677b8969f3afff8f2af5d0f5426
(7) State = 0xe8801569ee7318fa559e600794b363d7
(7) Message-Authenticator = 0x81793234b06366f70274cbbdcc7acd08
(7) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(7) # Executing group from file /etc/freeradius/sites-enabled/default
(7) eap: Expiring EAP session with state 0xe8801569ee7318fa
(7) eap: Finished EAP session with state 0xe8801569ee7318fa
(7) eap: Previous EAP request found for state 0xe8801569ee7318fa, released from the list
(7) eap: EAP session adding &reply:State = 0xe8801569ef7418fa
(7) # Executing group from file /etc/freeradius/sites-enabled/default
(7) Framed-MTU = 994
(7) TLS-Session-Information = "(TLS) recv TLS 1.3 Handshake, ClientHello"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHello"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Certificate"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, CertificateRequest"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, ServerHelloDone"
(7) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Certificate"
(7) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, CertificateVerify"
(7) TLS-Session-Information = "(TLS) recv TLS 1.2 Handshake, Finished"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) send TLS 1.2 Handshake, Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-ECDSA-AES256-GCM-SHA384"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 36 from 192.168.20.91:1812 to 192.168.3.12:43076 length 136
(7) Tunnel-Type = VLAN
(7) Tunnel-Medium-Type = IEEE-802
(7) Tunnel-Private-Group-Id = "200"
(7) EAP-Message = 0x01f4003d0d80000000331403030001011603030028cb9c87e907b53eb0ad374c7fc4838d9bcd153fb215753fdf2efdd0227fb64ff71f2295119362471d
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0xe8801569ef7418fa559e600794b363d7
(8) Received Access-Request Id 37 from 192.168.3.12:43076 to 192.168.20.91:1812 length 242
(8) User-Name = "daniel.niewerth"
(8) NAS-IP-Address = 192.168.3.12
(8) NAS-Identifier = "fa9fc2f59ae7"
(8) Called-Station-Id = "FA-9F-C2-F5-9A-E7:AS34936"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) Calling-Station-Id = "26-0A-BD-F9-BD-39"
(8) Connect-Info = "CONNECT 0Mbps 802.11b"
(8) Acct-Session-Id = "AED6D178A0EAEF80"
(8) Acct-Multi-Session-Id = "2362C02DC7B8CCC7"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message = 0x02f400060d00
(8) State = 0xe8801569ef7418fa559e600794b363d7
(8) Message-Authenticator = 0xda603239908e585aa9589fc7e2d67136
(8) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(8) # Executing group from file /etc/freeradius/sites-enabled/default
(8) eap: Expiring EAP session with state 0xe8801569ef7418fa
(8) eap: Finished EAP session with state 0xe8801569ef7418fa
(8) eap: Previous EAP request found for state 0xe8801569ef7418fa, released from the list
(8) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
(8) &reply::Framed-MTU += &session-state:Framed-MTU[*] -> 994
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.3 Handshake, ClientHello'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerHello'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, Certificate'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerKeyExchange'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, CertificateRequest'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, ServerHelloDone'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, Certificate'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, ClientKeyExchange'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, CertificateVerify'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) recv TLS 1.2 Handshake, Finished'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 ChangeCipherSpec'
(8) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) send TLS 1.2 Handshake, Finished'
(8) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-ECDSA-AES256-GCM-SHA384'
(8) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
(8) Sent Access-Accept Id 37 from 192.168.20.91:1812 to 192.168.3.12:43076 length 200
(8) Tunnel-Type = VLAN
(8) Tunnel-Medium-Type = IEEE-802
(8) Tunnel-Private-Group-Id = "200"
(8) MS-MPPE-Recv-Key = 0x5081553f0730e72a35dcc00e23319b24672fde86f460b4b34fc2de416bc15a70
(8) MS-MPPE-Send-Key = 0x53671848a0194cc57cd7ee1a91087485ac69356d8ae60ceeed13fcd7bb15629b
(8) EAP-Message = 0x03f40004
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) User-Name = "daniel.niewerth"
(8) Framed-MTU += 994
Waking up in 4.3 seconds.
Ready to process requests
@CryptoproctaX the msg doesn't have any crashes. could you redo the tests until getting a similar error as you mentioned in your ticket? Please, follow the steps available at https://wiki.freeradius.org/project/bug-reports
@jpereira I am not sure if you read what I had just written. When I start freeradius under gdb the error does not occur. I have repeated the test several times.
If I start freeradius (package variant) without gdb the error occurs at every attempt.
You could try rebuilding with ./configure --enable-address-sanitizer ...
. Recent versions of GCC and LLVM support that.
If the crash is to due buffer over-runs or use after free, the sanitizer code will print out full stack traces, without using gdb.
Without any additional information, it will be impossible for us to fix this.
No further information so this is impossible to debug as-is.
What type of defect/bug is this?
Crash or memory corruption (segv, abort, etc...)
How can the issue be reproduced?
The Server was freshly installed under Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-56-generic x86_64). FreeRADIUS version 3.0.26 was first installed from the Ubuntu package sources. Due to the problem described here, I later updated FreeRadius to version 3.2.1 via the networkradius.com package sources. The problem occurs in both versions.
The problem is that FreeRadius crashes with a segfault on every EAP-TLS authentication attempt.
The server configuration is essentially unchanged. I only changed what was necessary to include my certificates and to define the Radius clients and a test user.
The certificates were generated by an external CA. They are EC certificates.
The authentication attempts of the test user were done from an iPhone with iOS 16.1.1.
Log output from the FreeRADIUS daemon
Relevant log output from client utilities
Backtrace from LLDB or GDB
No response