Closed
Labels: defect (category: a defect or misbehaviour)
Description
What type of defect/bug is this?
Crash or memory corruption (segv, abort, etc...)
How can the issue be reproduced?
Configure a proxied realm with multiple home servers to be of type consistent-keyed-balance. For example:
home_server 'example1' {
    ipaddr = 192.168.10.5
    port = 1812
    secret = 'sekkret'
    status_check = status-server
}
home_server 'example2' {
    ipaddr = 10.192.168.5
    port = 1812
    secret = 'sekkret'
    status_check = status-server
}
home_server_pool 'example' {
    home_server = 'example1'
    home_server = 'example2'
    type = consistent-keyed-balance
}
realm 'example.net' {
    auth_pool = 'example'
    nostrip
}
Then send an authentication for the configured realm (example.net)
Log output from the FreeRADIUS daemon
Ready to process requests
(0) Received Access-Request Id 0 from 127.0.0.1:56313 to 127.0.0.1:1812 length 169
(0) User-Name = 'test@painless-security.com'
(0) NAS-IP-Address = '127.0.0.1'
(0) Calling-Station-Id = '70-6F-6C-69-73-68'
(0) Framed-MTU = '1400'
(0) NAS-Port-Type = 'Wireless-802.11'
(0) Service-Type = 'Framed-User'
(0) Connect-Info = 'rad_eap_test + eapol_test'
(0) EAP-Message = '0x022d001f0174657374407061696e6c6573732d73656375726974792e636f6d'
(0) Message-Authenticator = '0xf241f6a726f1d42fa19bab75aae1f0c2'
(0) # Executing section authorize from file ./scripts/bin/../../raddb/sites-enabled/default
(0) authorize {
(0) update control {
(0) EXPAND %{Calling-Station-ID} %{User-Name}
(0) --> 70-6F-6C-69-73-68 test@painless-security.com
(0) Load-Balance-Key := 70-6F-6C-69-73-68 test@painless-security.com
(0) } # update control = noop
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ /@\./) {
(0) if (&User-Name =~ /@\./) -> FALSE
(0) } # if (&User-Name) = noop
(0) } # policy filter_username = noop
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "painless-security.com" for User-Name = "test@painless-security.com"
(0) suffix: Found realm "painless-security.com"
(0) suffix: Adding Realm = "painless-security.com"
(0) suffix: Proxying request from user test@painless-security.com to realm painless-security.com
(0) suffix: Preparing to proxy authentication request to realm "painless-security.com"
(0) [suffix] = updated
(0) eap: Request is supposed to be proxied to Realm painless-security.com. Not doing EAP.
(0) [eap] = noop
(0) [files] = noop
(0) [expiration] = noop
(0) [logintime] = noop
(0) [pap] = noop
(0) } # authorize = updated
Segmentation fault
Relevant log output from client utilities
No response
Backtrace from LLDB or GDB
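Added example, not part of the original report and not FreeRADIUS code: a configuration audit that lists realms proxied to a `consistent-keyed-balance` pool with more than one home server, which is the trigger condition described in the reproduction steps. The function name, the regular expressions and the abridged sample are assumptions made for this example; only flat `home_server_pool` and `realm` blocks are parsed.

```python
import re

TRIGGER_TYPE = "consistent-keyed-balance"   # pool type named in the report
POOL_KEYS = ("auth_pool", "acct_pool", "pool")

# Constructed sample input, abridged from the configuration in the report.
SAMPLE_PROXY_CONF = """
home_server 'example1' {
    ipaddr = 192.168.10.5
}
home_server 'example2' {
    ipaddr = 10.192.168.5
}
home_server_pool 'example' {
    home_server = 'example1'
    home_server = 'example2'
    type = consistent-keyed-balance
}
realm 'example.net' {
    auth_pool = 'example'
    nostrip
}
"""

# Flat "<kind> <name> { ... }" blocks; nested sub-sections are not handled.
BLOCK_RE = re.compile(r"^\s*(\w+)\s+['\"]?([^'\"\s{]+)['\"]?\s*\{([^{}]*)\}", re.M)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*['\"]?([^'\"\s#]+)", re.M)

def find_affected(conf_text):
    """Return sorted (realm, pool) pairs matching the report's trigger:
    a realm proxied to a keyed-balance pool with more than one home server."""
    text = re.sub(r"^\s*#.*$", "", conf_text, flags=re.M)  # drop comment lines
    pools, realms = {}, {}
    for kind, name, body in BLOCK_RE.findall(text):
        items = ITEM_RE.findall(body)
        if kind == "home_server_pool":
            ptype = next((v for k, v in items if k == "type"), None)
            pools[name] = (ptype, [v for k, v in items if k == "home_server"])
        elif kind == "realm":
            realms[name] = [v for k, v in items if k in POOL_KEYS]
    risky = {n for n, (t, s) in pools.items() if t == TRIGGER_TYPE and len(s) > 1}
    return sorted((r, p) for r, refs in realms.items() for p in refs if p in risky)

if __name__ == "__main__":
    for realm, pool in find_affected(SAMPLE_PROXY_CONF):
        print(f"realm {realm} -> pool {pool}: {TRIGGER_TYPE}, multiple home servers")
```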