Ubuntu
freeradius package

freeradius 3.2.5 crashes when configured with status_check=status-server and the server is not responding

Bug #2104372 reported by Juha Suhonen
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
freeradius (Ubuntu)
Fix Released
Undecided
Unassigned
Noble
Fix Released
Undecided
Lena Voytek
Oracular
Fix Released
Undecided
Lena Voytek
Plucky
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

Freeradius proxies on Noble/Oraclular that are configured with "status_check = status-server" (default in Ubuntu) will crash after sending out a status request to an unresponsive server.

The fix for this issue should be backported to prevent users from experiencing segmentation faults in this case.

The issue is fixed by an upstream commit that ignores server-side ping packets in stats as parsing them caused the crash.

[Test Plan]

This issue can be reproduced using lxd:

lxc launch ubuntu:{oracular/noble} test-freeradius
lxc exec test-freeradius bash

apt update
apt upgrade
apt install freeradius

- Add a test server with an ip that will not respond successfully, pool, and default realm to proxy.conf

cat <<EOF >/etc/freeradius/3.0/proxy.conf
home_server server1 {
  type = auth
  ipaddr = 192.168.0.1 # IP without a responsive server
  port = 1812
  secret = secret1
  status_check = status-server
}

home_server_pool server1_pool {
  home_server = server1
}

realm DEFAULT {
    nostrip
    auth_pool = server1_pool
}
EOF

- stop background freeradius to run with full debug
systemctl stop freeradius
freeradius -X

- In another window:
lxc exec test-freeradius bash
radtest <email address hidden> pass1 127.0.0.1 0 testing123

-In the original window, something like the following will show up over time until there is a crash

(0) Received Access-Request Id 144 from 127.0.0.1:40818 to 127.0.0.1:1812 length 85
(0) Message-Authenticator = 0xc0d6ee29e5ab335d043ff29fded35eee
(0) User-Name = "<email address hidden>"
(0) User-Password = "pass1"
...
Waking up in 0.3 seconds.
(0) Expecting proxy response no later than 29.666804 seconds from now
Waking up in 29.6 seconds.
(0) Sending duplicate proxied request to home server 192.168.0.1 port 1812 - ID: 150
(0) Sent Access-Request Id 150 from 0.0.0.0:45332 to 192.168.0.1:1812 length 96
(0) Message-Authenticator = 0xc0d6ee29e5ab335d043ff29fded35eee
(0) User-Name = "<email address hidden>"
(0) User-Password = "pass1"
...
(0) Proxy-State = 0x313434
Waking up in 24.9 seconds.
...
No response to status check 1 ID 198 for home server 192.168.0.1 port 1812
Segmentation fault (core dumped)

- When the issue is fixed, freeradius will send out a status message without crashing and continue waiting

[Where problems could occur]

Problems would most likely occur during stats processing, in the case where the request_stats_final function is exited prematurely due to a server ping packet.

[Other Info]

This issue was caused by an upstream regression after jammy's release version and was fixed prior to plucky, so only noble and oracular are affected.

[Original Description]

Hi,

We upgraded a host running freeradius from Ubuntu 22.04 to Ubuntu 24.04 (3.2.5+dfsg-3~ubuntu24.04.2) and noticed freeradius crashes every few minutes. After running the server in debug mode, it seemed like freeradius crashed about 30 seconds after sending a status-server to our configured home_server and not receiving a reply.

[ 541.920486] freeradius[2767]: segfault at 44 ip 00005629c2a28d24 sp 00007ffda6fc0cb8 error 4 in freeradius[5629c2a08000+46000] likely on CPU 1 (core 0, socket 1)

Some Googling found a similar report for Almalinux: https://bugs.almalinux.org/view.php?id=479

Almalinux's report links to this commit as a fix: https://github.com/FreeRADIUS/freeradius-server/commit/3a9449539e4c5a74c85685cad6abe6edf412f701

After changing our home_server configuration from "status_check = status-server" to "status_check = none", these crashes stopped.

See original description

Related branches

~lvoytek/ubuntu/+source/freeradius:fix-status-server-crash-noble
git-ubuntu bot: Approve
John Chittum (community): Approve
Canonical Server Reporter: Pending requested
Diff: 56 lines (+34/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp-2104372-fix-crash-status-server-ping.patch (+26/-0)
debian/patches/series (+1/-0)
~lvoytek/ubuntu/+source/freeradius:fix-status-server-crash-oracular
git-ubuntu bot: Approve
John Chittum (community): Approve
Canonical Server Reporter: Pending requested
Diff: 56 lines (+34/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp-2104372-fix-crash-status-server-ping.patch (+26/-0)
debian/patches/series (+1/-0)
Revision history for this message
Lena Voytek (lvoytek) wrote :

Hello, thank you for the bug report and finding a fix! I created a PPA with a patch of the commit for 24.04 - https://launchpad.net/~lvoytek/+archive/ubuntu/freeradius-fix-status-server-ping-crash

If you would like to test it, you can run the following:

sudo add-apt-repository ppa:lvoytek/freeradius-fix-status-server-ping-crash
sudo apt update
sudo apt upgrade

Thanks!

Changed in freeradius (Ubuntu Noble):
status: New → Triaged
Changed in freeradius (Ubuntu Oracular):
status: New → Triaged
Revision history for this message
Juha Suhonen (juhassi) wrote :

Hi,

We tested your PPA and it fixes this issue, thank you :-)

Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks for verifying! I will work on adding this to 24.04 and 24.10 :)

Changed in freeradius (Ubuntu Noble):
status: Triaged → In Progress
assignee: nobody → Lena Voytek (lvoytek)
Changed in freeradius (Ubuntu Oracular):
status: Triaged → In Progress
assignee: nobody → Lena Voytek (lvoytek)
tags: added: server-todo
Lena Voytek (lvoytek)
description: updated
Changed in freeradius (Ubuntu Plucky):
status: New → Fix Released
Revision history for this message
Nick Rosbrook (enr0n) wrote :

The uploads in noble and oracular look good to me. The versioning is correct, the patch is minimal and well-documented with dep3 headers, and the test plan seems to cover the fix well.

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Please test proposed package

Hello Juha, or anyone else affected,

Accepted freeradius into oracular-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/freeradius/3.2.5+dfsg-3ubuntu0.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-oracular to verification-done-oracular. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-oracular. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in freeradius (Ubuntu Oracular):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-oracular
Changed in freeradius (Ubuntu Noble):
status: In Progress → Fix Committed
tags: added: verification-needed-noble
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hello Juha, or anyone else affected,

Accepted freeradius into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/freeradius/3.2.5+dfsg-3~ubuntu24.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (freeradius/3.2.5+dfsg-3ubuntu0.2)

All autopkgtests for the newly accepted freeradius (3.2.5+dfsg-3ubuntu0.2) for oracular have finished running.
The following regressions have been reported in tests triggered by the package:

freeradius/unknown (amd64, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/oracular/update_excuses.html#freeradius

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Lena Voytek (lvoytek) wrote :

verified for oracular and noble:

lxc launch ubuntu:oracular test-freeradius
lxc exec test-freeradius bash

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

apt update
apt upgrade

apt install libfreeradius3/oracular-proposed freeradius/oracular-proposed freeradius-utils/oracular-proposed

cat <<EOF >/etc/freeradius/3.0/proxy.conf
home_server server1 {
  type = auth
  ipaddr = 192.168.0.1 # IP without a responsive server
  port = 1812
  secret = secret1
  status_check = status-server
}

home_server_pool server1_pool {
  home_server = server1
}

realm DEFAULT {
    nostrip
    auth_pool = server1_pool
}
EOF

systemctl stop freeradius
freeradius -X

-----

lxc exec test-freeradius bash
radtest <email address hidden> pass1 127.0.0.1 0 testing123

-----

...
Waking up in 3.9 seconds.
No response to status check 1 ID 105 for home server 192.168.0.1 port 1812
Waking up in 0.9 seconds.
(0) Cleaning up request packet ID 78 with timestamp +4 due to cleanup_delay was reached
Waking up in 25.2 seconds.
PING: Zombie period is over for home server server1
Marking home server 192.168.0.1 port 1812 as dead.
PING: Already pinging home server server1
PING: Waiting 4 seconds for response to ping
(2) Sent Status-Server Id 4 from 0.0.0.0:35496 to 192.168.0.1:1812 length 70
...

----------------------------------------

lxc launch ubuntu:noble test-freeradius
lxc exec test-freeradius bash

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

apt update
apt upgrade

apt install libfreeradius3/noble-proposed freeradius/noble-proposed freeradius-utils/noble-proposed

cat <<EOF >/etc/freeradius/3.0/proxy.conf
home_server server1 {
  type = auth
  ipaddr = 192.168.0.1 # IP without a responsive server
  port = 1812
  secret = secret1
  status_check = status-server
}

home_server_pool server1_pool {
  home_server = server1
}

realm DEFAULT {
    nostrip
    auth_pool = server1_pool
}
EOF

systemctl stop freeradius
freeradius -X

------

lxc exec test-freeradius bash
radtest <email address hidden> pass1 127.0.0.1 0 testing123

-----

...
Waking up in 3.9 seconds.
No response to status check 1 ID 131 for home server 192.168.0.1 port 1812
Waking up in 0.9 seconds.
(0) Cleaning up request packet ID 40 with timestamp +14 due to cleanup_delay was reached
Waking up in 24.9 seconds.
...

tags: added: verification-done verification-done-noble verification-done-oracular
removed: verification-needed verification-needed-noble verification-needed-oracular
Revision history for this message
Timo Aaltonen (tjaalton) wrote : Update Released

The verification of the Stable Release Update for freeradius has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freeradius - 3.2.5+dfsg-3ubuntu0.2

---------------
freeradius (3.2.5+dfsg-3ubuntu0.2) oracular; urgency=medium

  * d/p/lp-2104372-fix-crash-status-server-ping.patch: Fix crash due to ping
    packet from status server (LP: #2104372)

 -- Lena Voytek <email address hidden> Fri, 28 Mar 2025 13:34:48 -0400

Changed in freeradius (Ubuntu Oracular):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freeradius - 3.2.5+dfsg-3~ubuntu24.04.3

---------------
freeradius (3.2.5+dfsg-3~ubuntu24.04.3) noble; urgency=medium

  * d/p/lp-2104372-fix-crash-status-server-ping.patch: Fix crash due to ping
    packet from status server (LP: #2104372)

 -- Lena Voytek <email address hidden> Fri, 28 Mar 2025 13:03:23 -0400

Changed in freeradius (Ubuntu Noble):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.