Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Jan 2015 08:20:00 +0100
From: Natanael Copa <ncopa@...inelinux.org>
To: Sebastian Gottschall <s.gottschall@...wrt.com>
Cc: musl@...ts.openwall.com
Subject: Re: pthreads broken (freeradius testcase)

On Thu, 15 Jan 2015 23:52:36 +0100
Sebastian Gottschall <s.gottschall@...wrt.com> wrote:

> following test case
> 
> configure freeradius with --with-threads (which is on by default)
> if you start radiusd with your radius configuration you will see that 
> radius does not listen on any ports. it will hang in the listener thread 
> which creates the socket.
> if you configure it as --without-threads, it works
> 
> 
> tested with musl 1.1.6 on a mips (big endian) system using kernel 3.10
> 
> Sebastian

What version of freeradius is it?

I have had some interesting threading issues with freeradius 2.2.x.
Some modules are marked as non-thread safe but will still run in a
separate thread. It runs main thread + a single non-thread-safe thread.

They used getgrnam and getpwnam in both main thread and in the
non-thread-safe module so memory got corrupted. (IMHO this should get a
CVE but upstream disagrees because it only happens on a non-recommended
config)

They fixed that in 3.x.x but AFAIK they didn't fix it in 2.x.x.

Patches:
http://git.alpinelinux.org/cgit/aports/tree/main/freeradius/0001-Use-threadsafe-wrapper-for-getpwnam-getgrnam.patch
http://git.alpinelinux.org/cgit/aports/tree/main/freeradius/0001-use-threadsafe-rad_getgrnam.patch

(upstream patched it differently in 3.x.x branch)

When backporting the fix to 2.x.x I also found that the TLS configure
test is completely broke in 2.x.x branch too. IIRC it will say "TLS
found" but behind the scenes it will still disable TLS support.

patch:
http://git.alpinelinux.org/cgit/aports/tree/main/freeradius/fix-tls-test.patch

This is probably not the related the issue you have have at hand, but
I'm would not be surprised if musl libc has unmasked another bug in
freeradius.


-nc

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.