** Description changed:
+ [Impact]
+
+ Freeradius proxies on Noble/Oraclular that are configured with
+ "status_check = status-server" (default in Ubuntu) will crash after
+ sending out a status request to an unresponsive server.
+
+ The fix for this issue should be backported to prevent users from
+ experiencing segmentation faults in this case.
+
+ The issue is fixed by an upstream commit that ignores server-side ping
+ packets in stats as parsing them caused the crash.
+
+ [Test Plan]
+
+ This issue can be reproduced using lxd:
+
+ lxc launch ubuntu:{oracular/noble} test-freeradius
+ lxc exec test-freeradius bash
+
+ apt update
+ apt upgrade
+ apt install freeradius
+
+ - Add a test server with an ip that will not respond successfully, pool,
+ and default realm to proxy.conf
+
+ cat <<EOF >/etc/freeradius/3.0/proxy.conf
+ home_server server1 {
+ type = auth
+ ipaddr = 192.168.0.1 # IP without a responsive server
+ port = 1812
+ secret = secret1
+ status_check = status-server
+ }
+
+ home_server_pool server1_pool {
+ home_server = server1
+ }
+
+ realm DEFAULT {
+ nostrip
+ auth_pool = server1_pool
+ }
+ EOF
+
+ - stop background freeradius to run with full debug
+ systemctl stop freeradius
+ freeradius -X
+
+ - In another window:
+ lxc exec test-freeradius bash
+ radtest u...@ubuntu.com pass1 127.0.0.1 0 testing123
+
+ -In the original window, something like the following will show up over
+ time until there is a crash
+
+ (0) Received Access-Request Id 144 from 127.0.0.1:40818 to 127.0.0.1:1812
length 85
+ (0) Message-Authenticator = 0xc0d6ee29e5ab335d043ff29fded35eee
+ (0) User-Name = "u...@ubuntu.com"
+ (0) User-Password = "pass1"
+ ...
+ Waking up in 0.3 seconds.
+ (0) Expecting proxy response no later than 29.666804 seconds from now
+ Waking up in 29.6 seconds.
+ (0) Sending duplicate proxied request to home server 192.168.0.1 port 1812 -
ID: 150
+ (0) Sent Access-Request Id 150 from 0.0.0.0:45332 to 192.168.0.1:1812 length
96
+ (0) Message-Authenticator = 0xc0d6ee29e5ab335d043ff29fded35eee
+ (0) User-Name = "u...@ubuntu.com"
+ (0) User-Password = "pass1"
+ ...
+ (0) Proxy-State = 0x313434
+ Waking up in 24.9 seconds.
+ ...
+ No response to status check 1 ID 198 for home server 192.168.0.1 port 1812
+ Segmentation fault (core dumped)
+
+ - When the issue is fixed, freeradius will send out a status message
+ without crashing and continue waiting
+
+
+ [Where problems could occur]
+
+ Problems would most likely occur during stats processing, in the case
+ where the request_stats_final function is exited prematurely due to a
+ server ping packet.
+
+ [Other Info]
+
+ This issue was caused by an upstream regression after jammy's release version
and was fixed prior to plucky, so only noble and oracular are affected.
+
+ [Original Description]
+
Hi,
+ We upgraded a host running freeradius from Ubuntu 22.04 to Ubuntu 24.04
+ (3.2.5+dfsg-3~ubuntu24.04.2) and noticed freeradius crashes every few
+ minutes. After running the server in debug mode, it seemed like
+ freeradius crashed about 30 seconds after sending a status-server to our
+ configured home_server and not receiving a reply.
- We upgraded a host running freeradius from Ubuntu 22.04 to Ubuntu 24.04
(3.2.5+dfsg-3~ubuntu24.04.2) and noticed freeradius crashes every few minutes.
After running the server in debug mode, it seemed like freeradius crashed about
30 seconds after sending a status-server to our configured home_server and not
receiving a reply.
-
- [ 541.920486] freeradius[2767]: segfault at 44 ip 00005629c2a28d24 sp
+ [ 541.920486] freeradius[2767]: segfault at 44 ip 00005629c2a28d24 sp
00007ffda6fc0cb8 error 4 in freeradius[5629c2a08000+46000] likely on CPU
1 (core 0, socket 1)
-
- Some Googling found a similar report for Almalinux:
https://bugs.almalinux.org/view.php?id=479
+ Some Googling found a similar report for Almalinux:
+ https://bugs.almalinux.org/view.php?id=479
Almalinux's report links to this commit as a fix:
https://github.com/FreeRADIUS/freeradius-
server/commit/3a9449539e4c5a74c85685cad6abe6edf412f701
-
- After changing our home_server configuration from "status_check =
status-server" to "status_check = none", these crashes stopped.
+ After changing our home_server configuration from "status_check =
+ status-server" to "status_check = none", these crashes stopped.
** Also affects: freeradius (Ubuntu Plucky)
Importance: Undecided
Status: New
** Changed in: freeradius (Ubuntu Plucky)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2104372
Title:
freeradius 3.2.5 crashes when configured with status_check=status-
server and the server is not responding
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2104372/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
