Segmentation fault if sqlite query fails
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Project Moonshot | Invalid | Undecided | Unassigned |
Bug Description
The backtrace is pretty useless for this, but fortunately, very reproducible.
It seems if the sqlite query fails...
(0) <<< TLS 1.0 Handshake [length 0010], ClientKeyExchange
rlm_sql (psksql): Reserved connection (4)
rlm_sql (psksql): Executing query: 'select hex(key) from psk_keys where keyid = 'key-5d8729';'
(0) SQL query failed
rlm_sql (psksql): Released connection (4)
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5b
This probably has security significance - it'd be possible to remotely knock an AAA server offline using this.
-------------------
#0 0x00007ffff5b233ea in ?? () from /lib/x86_
No symbol table info available.
#1 0x0000000000431170 in psk_server_callback (ssl=<optimized out>, identity=
psk_len = 0
conf = 0x9382f0
request = 0x98d350
#2 0x00007ffff77b167c in ?? () from /usr/lib/
No symbol table info available.
#3 0x00007ffff77b3a7f in ?? () from /usr/lib/
No symbol table info available.
#4 0x00007ffff77be3e8 in ?? () from /usr/lib/
No symbol table info available.
#5 0x00007ffff77bb0f2 in ?? () from /usr/lib/
No symbol table info available.
#6 0x0000000000432bd8 in tls_handshake_recv (request=
err = <optimized out>
#7 0x00000000004352dc in tls_socket_recv (listener=0x98be30) at src/main/
doing_init = <optimized out>
rcode = <optimized out>
packet = <optimized out>
request = <optimized out>
sock = 0x98cd00
status = <optimized out>
client = 0x9409e0
#8 dual_tls_recv (listener=0x98be30) at src/main/
packet = <optimized out>
request = <optimized out>
fun = 0
sock = 0x98cd00
client = 0x9409e0
#9 0x000000000042647d in event_socket_
listener = <optimized out>
#10 0x00007ffff736b7a5 in fr_event_loop (el=0x91e1c0) at src/lib/event.c:414
ef = 0x91e2b0
i = <optimized out>
rcode = 1
maxfd = 26
when = {tv_sec = 1386956439, tv_usec = 0}
wake = <optimized out>
read_fds = {fds_bits = {67108864, 0 <repeats 15 times>}}
master_fds = {fds_bits = {100532224, 0 <repeats 15 times>}}
#11 0x000000000042be81 in radius_
No locals.
#12 0x000000000040e1e5 in main (argc=<optimized out>, argv=<optimized out>) at src/main/
rcode = 0
status = <optimized out>
argval = <optimized out>
spawn_flag = 1
dont_fork = 1
write_pid = 0
flag = 0
act = {__sigaction_
Incidentally, the root cause is the key db not being readable by FreeRADIUS.
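The failure mode reported above, as an added example that is not part of the original report and is not FreeRADIUS or Moonshot code: a PSK lookup that treats a failed query as "unknown identity" and returns 0 instead of using a missing result. The function and lookup names are hypothetical and the sample key is constructed; the report does not show which line in `psk_server_callback` actually faulted.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the SQL layer: returns the hex-encoded key for
 * an identity, or NULL when the query fails (e.g. unreadable database). */
typedef const char *(*psk_lookup_fn)(const char *identity);

static int hex_nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Mirrors the contract of an OpenSSL PSK server callback (SSL* omitted so
 * this builds without OpenSSL): write the key to psk and return its length,
 * or return 0, which OpenSSL treats as "unknown identity" and rejects. */
unsigned int psk_from_lookup(psk_lookup_fn lookup, const char *identity,
                             unsigned char *psk, unsigned int max_psk_len) {
    const char *hex;
    size_t hex_len, i;

    if (!lookup || !identity || !psk) return 0;
    hex = lookup(identity);
    if (!hex) return 0;              /* query failed: nothing to decode */
    hex_len = strlen(hex);
    if (hex_len == 0 || hex_len % 2 != 0 || hex_len / 2 > max_psk_len) return 0;
    for (i = 0; i < hex_len / 2; i++) {
        int hi = hex_nibble(hex[2 * i]), lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) {      /* malformed row: wipe partial key */
            memset(psk, 0, max_psk_len);
            return 0;
        }
        psk[i] = (unsigned char)((hi << 4) | lo);
    }
    return (unsigned int)(hex_len / 2);
}

/* Constructed sample lookups, not real data. */
const char *lookup_fail(const char *id) { (void)id; return NULL; }
const char *lookup_bad(const char *id) { (void)id; return "0A1"; }
const char *lookup_ok(const char *id) {
    return strcmp(id, "key-5d8729") == 0 ? "0A1B2C3D" : NULL;
}

int main(void) {
    unsigned char key[32];
    return psk_from_lookup(lookup_fail, "key-5d8729", key, sizeof key) == 0 ? 0 : 1;
}
```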