I could reproduce it with FreeRADIUS 3.0.25.
I sent a patch for it and CCed you.

Regards,
Masashi Honma.

On Sun, Mar 27, 2022 at 21:44, Alexander Clouter <alex+hostapd@xxxxxxxxxxx> wrote:
>
> Hello,
>
> The following commit (found by git bisecting) causes eapol_test to segfault for any EAP type (uncovered by our unit tests in FreeRADIUS):
> ----
> commit 33cb47cf01912dbd054300fa6c118782cba69812
> Author: Jouni Malinen <quic_jouni@xxxxxxxxxxx>
> Date: Fri Jan 28 17:28:49 2022 +0200
>
>     DPP: Fix connection result reporting when using TCP
> ----
>
> It gets through to the access-accept without problems but then explodes with a NULL dereference of dpp in calling dpp_tcp_conn_status_requested:
> ----
> root@b2d619d13ea8:/usr/src/freeradius-server# gdb -args /usr/local/bin/eapol_test -c /usr/src/freeradius-server/s
> rc/tests/eap-md5.conf -p 12340 -s testing123 -n
> GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
> Copyright (C) 2021 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> Type "show copying" and "show warranty" for details.
> This GDB was configured as "x86_64-linux-gnu".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <https://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
>
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from /usr/local/bin/eapol_test...
> (gdb) run
> Starting program: /usr/local/bin/eapol_test -c /usr/src/freeradius-server/src/tests/eap-md5.conf -p 12340 -s testing123 -n
> warning: Error disabling address space randomization: Operation not permitted
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> Reading configuration file '/usr/src/freeradius-server/src/tests/eap-md5.conf'
> Line: 4 - start of a new network block
> key_mgmt: 0x4
> eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00
> identity - hexdump_ascii(len=3):
>      62 6f 62 bob
> password - hexdump_ascii(len=3):
>      62 6f 62 bob
> Priority group 0
>    id=0 ssid=''
> Authentication server 127.0.0.1:12340
> RADIUS local address: 127.0.0.1:40255
> ENGINE: Loading builtin engines
> ENGINE: Loading builtin engines
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> EAPOL: External notification - portValid=0
> EAPOL: External notification - portEnabled=1
> EAPOL: SUPP_PAE entering state CONNECTING
> EAPOL: SUPP_BE entering state IDLE
> EAP: EAP entering state INITIALIZE
> EAP: EAP entering state IDLE
> Sending fake EAP-Request-Identity
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_PAE entering state RESTART
> EAP: EAP entering state INITIALIZE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_PAE entering state AUTHENTICATING
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request id=221 method=1 vendor=0 vendorMethod=0
> EAP: EAP entering state IDENTITY
> CTRL-EVENT-EAP-STARTED EAP authentication started
> EAP: Status notification: started (param=)
> EAP: EAP-Request Identity data - hexdump_ascii(len=0):
> EAP: using real identity - hexdump_ascii(len=3):
>      62 6f 62 bob
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> WPA: eapol_test_eapol_send(type=0 len=8)
> TX EAP -> RADIUS - hexdump(len=8): 02 dd 00 08 01 62 6f 62
> Encapsulating EAP message into a RADIUS packet
> Learned identity from EAP-Response-Identity - hexdump(len=3): 62 6f 62
> Sending RADIUS message to authentication server
> RADIUS message: code=1 (Access-Request) identifier=0 length=120
>    Attribute 1 (User-Name) length=5
>       Value: 'bob'
>    Attribute 4 (NAS-IP-Address) length=6
>       Value: 127.0.0.1
>    Attribute 31 (Calling-Station-Id) length=19
>       Value: '02-00-00-00-00-01'
>    Attribute 12 (Framed-MTU) length=6
>       Value: 1400
>    Attribute 61 (NAS-Port-Type) length=6
>       Value: 19
>    Attribute 6 (Service-Type) length=6
>       Value: 2
>    Attribute 77 (Connect-Info) length=24
>       Value: 'CONNECT 11Mbps 802.11b'
>    Attribute 79 (EAP-Message) length=10
>       Value: 02dd000801626f62
>    Attribute 80 (Message-Authenticator) length=18
>       Value: 8e460acbe70c8b48da0142d7c9a35210
> Next RADIUS client retransmit in 3 seconds
> EAPOL: SUPP_BE entering state RECEIVE
> Received 92 bytes from RADIUS server
> Received RADIUS message
> RADIUS message: code=11 (Access-Challenge) identifier=0 length=92
>    Attribute 26 (Vendor-Specific) length=12
>       Value: 00007d00030600003034
>    Attribute 79 (EAP-Message) length=24
>       Value: 01de001604108c7cb6617a3e4f2a77bb2f2197b1f09b
>    Attribute 80 (Message-Authenticator) length=18
>       Value: 4f89a0937f997be735e30d607eea06f0
>    Attribute 24 (State) length=18
>       Value: 136657c013b8531e7277c9ab4159f20f
> STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
>
> RADIUS packet matching with station
> decapsulated EAP packet (code=1 id=222 len=22) from RADIUS server: EAP-Request-MD5 (4)
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request id=222 method=4 vendor=0 vendorMethod=0
> EAP: EAP entering state GET_METHOD
> CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4
> EAP: Status notification: accept proposed method (param=MD5)
> EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
> CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
> EAP: EAP entering state METHOD
> EAP-MD5: Challenge - hexdump(len=16): 8c 7c b6 61 7a 3e 4f 2a 77 bb 2f 21 97 b1 f0 9b
> EAP-MD5: Generating Challenge Response
> EAP-MD5: Response - hexdump(len=16): 54 75 a5 8d b5 f8 48 db bf 66 0f 39 5f 07 64 69
> EAP: method process -> ignore=FALSE methodState=DONE decision=COND_SUCC eapRespData=0x55f8f524e3d0
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> WPA: eapol_test_eapol_send(type=0 len=22)
> TX EAP -> RADIUS - hexdump(len=22): 02 de 00 16 04 10 54 75 a5 8d b5 f8 48 db bf 66 0f 39 5f 07 64 69
> Encapsulating EAP message into a RADIUS packet
> Copied RADIUS State Attribute
> Sending RADIUS message to authentication server
> RADIUS message: code=1 (Access-Request) identifier=1 length=152
>    Attribute 1 (User-Name) length=5
>       Value: 'bob'
>    Attribute 4 (NAS-IP-Address) length=6
>       Value: 127.0.0.1
>    Attribute 31 (Calling-Station-Id) length=19
>       Value: '02-00-00-00-00-01'
>    Attribute 12 (Framed-MTU) length=6
>       Value: 1400
>    Attribute 61 (NAS-Port-Type) length=6
>       Value: 19
>    Attribute 6 (Service-Type) length=6
>       Value: 2
>    Attribute 77 (Connect-Info) length=24
>       Value: 'CONNECT 11Mbps 802.11b'
>    Attribute 79 (EAP-Message) length=24
>       Value: 02de001604105475a58db5f848dbbf660f395f076469
>    Attribute 24 (State) length=18
>       Value: 136657c013b8531e7277c9ab4159f20f
>    Attribute 80 (Message-Authenticator) length=18
>       Value: 21882ee5c44762351e416f4341aafd12
> Next RADIUS client retransmit in 3 seconds
> EAPOL: SUPP_BE entering state RECEIVE
> Received 61 bytes from RADIUS server
> Received RADIUS message
> RADIUS message: code=2 (Access-Accept) identifier=1 length=61
>    Attribute 26 (Vendor-Specific) length=12
>       Value: 00007d00030600003034
>    Attribute 79 (EAP-Message) length=6
>       Value: 03de0004
>    Attribute 80 (Message-Authenticator) length=18
>       Value: 4102427ec3a251a43a339fb22b6bd474
>    Attribute 1 (User-Name) length=5
>       Value: 'bob'
> STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
>
> RADIUS packet matching with station
> decapsulated EAP packet (code=3 id=222 len=4) from RADIUS server: EAP Success
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Success
> EAP: Status notification: completion (param=success)
> EAP: EAP entering state SUCCESS
> CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
> EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
> WPA: EAPOL processing complete
> Cancelling authentication timeout
> State: DISCONNECTED -> COMPLETED
>
> Program received signal SIGSEGV, Segmentation fault.
> dpp_tcp_conn_status_requested (dpp=0x0) at ../src/common/dpp_tcp.c:2246
> 2246 dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
> (gdb) where
> #0 dpp_tcp_conn_status_requested (dpp=0x0) at ../src/common/dpp_tcp.c:2246
> #1 0x000055f8f391d434 in wpas_dpp_connected (wpa_s=0x7fff19d483b0) at dpp_supplicant.c:438
> #2 0x000055f8f39a99cc in sm_SUPP_PAE_Step (sm=0x55f8f517dbc0) at ../src/eapol_supp/eapol_supp_sm.c:417
> #3 eapol_sm_step (sm=0x55f8f517dbc0) at ../src/eapol_supp/eapol_supp_sm.c:989
> #4 0x000055f8f39aa3a5 in eapol_sm_rx_eapol (sm=0x55f8f517dbc0, src=<optimized out>,
>     buf=buf@entry=0x55f8f524dae0 "\003", len=<optimized out>) at ../src/eapol_supp/eapol_supp_sm.c:1384
> #5 0x000055f8f3a64b2e in ieee802_1x_decapsulate_radius (e=0x55f8f3b38d60 <eapol_test>) at eapol_test.c:831
> #6 ieee802_1x_receive_auth (msg=<optimized out>, req=<optimized out>, shared_secret=<optimized out>,
>     shared_secret_len=10, data=0x55f8f3b38d60 <eapol_test>) at eapol_test.c:945
> #7 0x000055f8f3a65bb6 in radius_client_receive (sock=<optimized out>, eloop_ctx=0x55f8f517d9c0, sock_ctx=0x0)
>     at ../src/radius/radius_client.c:934
> #8 0x000055f8f38f286f in eloop_sock_table_dispatch (table=table@entry=0x55f8f3b388b0 <eloop+16>,
>     fds=fds@entry=0x55f8f524d7e0) at ../src/utils/eloop.c:603
> #9 0x000055f8f38f34ad in eloop_sock_table_dispatch (fds=0x55f8f524d7e0, table=0x55f8f3b388b0 <eloop+16>)
>     at ../src/utils/eloop.c:597
> #10 eloop_run () at ../src/utils/eloop.c:1233
> #11 0x000055f8f38dba25 in main (argc=<optimized out>, argv=<optimized out>) at eapol_test.c:1515
> (gdb)
> ----
>
> This occurs for both OpenSSL 1.1.1 (Debian 'buster' 11) and 3.0.2 (Debian 'experimental').
>
> Let me know if you need anything else.
>
> Cheers
>
> --
> Alexander Clouter
>
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap
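
The failure mode in frame #0 of the trace above, modelled as an added example (this is not hostap code and not the patch mentioned in the reply): `dl_list_for_each` over `&dpp->tcp_init` reads through address 0 when `dpp` is NULL, so the walk has to be guarded. The struct layouts, `struct dpp_ctx`, the `status_requested` field and the function name are simplified assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal intrusive list modelled on the dl_list_for_each() call in the trace. */
struct dl_list { struct dl_list *next, *prev; };

#define dl_list_entry(item, type, member) \
	((type *) ((char *) (item) - offsetof(type, member)))
#define dl_list_for_each(item, head, type, member) \
	for (item = dl_list_entry((head)->next, type, member); \
	     &item->member != (head); \
	     item = dl_list_entry(item->member.next, type, member))

/* Simplified stand-ins; names other than tcp_init and list are hypothetical. */
struct dpp_connection { struct dl_list list; int status_requested; };
struct dpp_ctx { struct dl_list tcp_init; };

static void dl_list_init(struct dl_list *l) { l->next = l; l->prev = l; }
static void dl_list_add(struct dl_list *head, struct dl_list *item)
{
	item->next = head->next;
	item->prev = head;
	head->next->prev = item;
	head->next = item;
}

/* Guarded walk: a caller with no DPP context (dpp == NULL, as in frame #0)
 * gets "not requested" instead of a read of (NULL)->tcp_init.next. */
int conn_status_requested_guarded(struct dpp_ctx *dpp)
{
	struct dpp_connection *conn;

	if (!dpp)
		return 0;
	dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
		if (conn->status_requested)
			return 1;
	}
	return 0;
}

int main(void)
{
	struct dpp_ctx ctx;
	struct dpp_connection c = { .status_requested = 1 };

	dl_list_init(&ctx.tcp_init);
	printf("NULL ctx: %d\n", conn_status_requested_guarded(NULL));
	printf("empty list: %d\n", conn_status_requested_guarded(&ctx));
	dl_list_add(&ctx.tcp_init, &c.list);
	printf("one pending: %d\n", conn_status_requested_guarded(&ctx));
	return 0;
}
```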