[defect]: ASSERT FAILED (TACACS+ with dynamic_clients ) #5276

levide · 2024-01-25T08:44:37Z

What type of defect/bug is this?

Crash or memory corruption (segv, abort, etc...)

How can the issue be reproduced?

Virtual server configuration:

server tacacs {
	namespace = tacacs
	tacacs {
		Authentication {
			log {
				stripped_names = no
				auth = yes
				auth_goodpass = no
				auth_badpass = no
				msg_denied = "You are already logged in - access denied"
			}
			session {
				max_rounds = 4
			}
		}
	}
	listen {
		type = Authentication-Start
		type = Authentication-Continue
		type = Authorization-Request
		type = Accounting-Request
		transport = tcp
		limit {
			max_clients = 1000
			max_connections = 1000
			idle_timeout = 60
			nak_lifetime = 300
			cleanup_delay = 5
		}
		tcp {
			port = 49
			ipaddr = *
			dynamic_clients = true
			networks {
				allow = 192.168.11/24
			}

		}
	}
    	new client {
		&control += {
	    		&FreeRADIUS-Client-IP-Address = "%{Net.Src.IP}"
	    		&FreeRADIUS-Client-Require-MA = no
	    		&FreeRADIUS-Client-Secret = "testing123"
	    		&FreeRADIUS-Client-Shortname = "TEST"
	    		&FreeRADIUS-Client-NAS-Type = "other"
		}
		ok
    	}
    	add client {
		ok
    	}
    	deny client {
		ok
    	}
	recv Authentication-Start {
	}
	authenticate PAP {
		pap
	}
	authenticate CHAP {
		chap
	}
	authenticate MSCHAP {
		mschap
	}
	authenticate MSCHAPv2 {
		mschap
	}
	authenticate ASCII {
		pap
	}
	send Authentication-Pass {
		&reply.Server-Message := "Hello %{User-Name}"
	}
	send Authentication-Fail {
		&reply.Server-Message := "Failed login!"
	}
	send Authentication-GetUser {
		&reply.Server-Message := "Username:"
		rest
	}
	send Authentication-GetPass {
		&reply.Server-Message := "Password:"
	}
	recv Authentication-Continue {
		"%{Authentication-Continue-Flags}"
		"%{User-Message}"
		"%{Data}"
	}
	recv Authorization-Request {
		"%{Authentication-Method}"
		"%{Privilege-Level}"
		"%{Authentication-Type}"
		"%{Authentication-Service}"
		"%{User-Name}"
		"%{Client-Port}"
		"%{Remote-Address}"
		"%{Argument-List}"
	}
	send Authorization-Pass-Add {
		&reply.Authorization-Status := Pass-Add
		&reply.Server-Message := "authorization-response-server"
		&reply.Data := "authorization-response-data"
		&reply.Argument-List := "key1=var1"
	}
	recv Accounting-Request {
		#detail
	}
	accounting Start {
	}
	accounting Watchdog-Update {
	}
	accounting Watchdog {
	}
	accounting Stop {
	}
	send Accounting-Success {
		&reply.Server-Message := "Success"
	}
	send Accounting-Error {
		&reply.Server-Message := "Error"
	}
}

In log output you can also see:

that sections are not parsed: new client{}, add client{}, deny client{}
(0) ERROR: Failed decoding packet: Packet should be encrypted, but the secret has zero length
ignore nak_lifetime settings (Ignoring "nak_lifetime = 0", forcing to "nak_lifetime = 1")

Log output from the FreeRADIUS daemon

Info  : Copyright 1999-2023 The FreeRADIUS server project and contributors
Info  : There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
Info  : PARTICULAR PURPOSE
Info  : You may redistribute copies of FreeRADIUS under the terms of the
Info  : GNU General Public License
Info  : For more information about these matters, see the file named COPYRIGHT
Info  : Starting - reading configuration files ...
Debug : Including dictionary file "/home/user/radius-core-v4-master/etc/raddb/dictionary"
gctx 0x55cee11e2060 report
	internal refs src/lib/server/main_config.c (1)
	internal refs src/lib/server/request.c (1)
	internal refs src/lib/tls/base.c (1)
including configuration file /home/user/radius-core-v4-master/etc/raddb/radiusd.conf
Including files in directory "/home/user/radius-core-v4-master/etc/raddb/template.d/"
including configuration file /home/user/radius-core-v4-master/etc/raddb/template.d/default
including configuration file /home/user/radius-core-v4-master/etc/raddb/clients.conf
Including files in directory "/home/user/radius-core-v4-master/etc/raddb/global.d/"
including configuration file /home/user/radius-core-v4-master/etc/raddb/global.d/ldap
including configuration file /home/user/radius-core-v4-master/etc/raddb/global.d/python
Including files in directory "/home/user/radius-core-v4-master/etc/raddb/mods-enabled/"
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/chap
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/client
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/escape
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/exec
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/files
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/linelog
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/mschap
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/ntlm_auth
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/pap
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/passwd
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/radutmp
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/rest
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/sradutmp
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/stats
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/unix
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/unpack
including configuration file /home/user/radius-core-v4-master/etc/raddb/mods-enabled/utf8
Including files in directory "/home/user/radius-core-v4-master/etc/raddb/policy.d/"
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/abfab-tr
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/accounting
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/canonicalisation
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/control
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/cui
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/debug
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/dhcp
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/eap
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/filter
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/operator-name
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/time
including configuration file /home/user/radius-core-v4-master/etc/raddb/policy.d/vendor
Including files in directory "/home/user/radius-core-v4-master/etc/raddb/sites-enabled/"
including configuration file /home/user/radius-core-v4-master/etc/raddb/sites-enabled/tacacs
Loaded module process_tacacs
Parsing initial logging configuration.
main {
  prefix = /home/user/radius-core-v4-master
  log {
    destination = files
    syslog_facility = daemon
    local_state_dir = "/home/user/radius-core-v4-master/var"
    logdir = "/home/user/radius-core-v4-master/var/log"
    file = /home/user/radius-core-v4-master/var/log/radius/radius.log
    suppress_secrets = no
  }
}
Parsing security rules to bootstrap UID / GID / chroot / etc.
main {
  log {
  }
  security {
    allow_core_dumps = no
    allow_vulnerable_openssl = no
    openssl_fips_mode = no
  }
  name = radiusd
  local_state_dir = "/home/user/radius-core-v4-master/var"
  run_dir = /home/user/radius-core-v4-master/var/run/radiusd
}
Parsing main configuration
main {
  server tacacs {
    namespace = tacacs
    tacacs {
      Authentication {
        log {
          stripped_names = no
          auth = yes
          auth_badpass = no
          auth_goodpass = no
          msg_denied = "You are already logged in - access denied"
        }
        session {
          timeout = 15
          max = 4096
          max_rounds = 4
        }
      }
    }
Loaded module proto_tacacs
    listen {
      type = Authentication-Start
      type = Authentication-Continue
      type = Authorization-Request
      type = Accounting-Request
      transport = tcp
Loaded module proto_tacacs_tcp
      tcp {
        ipaddr = *
        port = 49
        dynamic_clients = true
        networks {
          allow = 192.168.11/24
        }
        max_packet_size = 4096
        max_attributes = 256
      }
      limit {
        idle_timeout = 60
        max_connections = 1000
      }
      priority {
        Authentication-Start = high
        Authentication-Continue = high
        Authorization-Request = normal
        Accounting-Request = low
      }
    }
  }
  log {
    colourise = yes
  }
  security {
  }
  sbin_dir = "/home/user/radius-core-v4-master/sbin"
  logdir = /home/user/radius-core-v4-master/var/log/radius
  radacctdir = /home/user/radius-core-v4-master/var/log/radius/radacct
  reverse_lookups = no
  hostname_lookups = yes
  max_request_time = 30
  pidfile = /home/user/radius-core-v4-master/var/run/radiusd/radiusd.pid
  debug_level = 0
  max_requests = 16384
  resources {
  }
  thread pool {
    num_networks = 1
Dynamically determined thread.workers = 2
    num_workers = 2
    openssl_async_pool_init = 64
    openssl_async_pool_max = 1024
  }
  migrate {
    rewrite_update = false
    forbid_update = false
  }
  interpret {
  }
}
Switching to configured log settings
radiusd: #### Loading Clients ####
Debugger not attached
trigger { ... } subsection not found, triggers will be disabled
#### Instantiating libraries ####
#### Bootstrapping process modules ####
Bootstrapping process_tacacs "tacacs"
Creating Auth-Type = PAP
Creating Auth-Type = CHAP
Creating Auth-Type = MSCHAP
Creating Auth-Type = MSCHAPv2
Creating Auth-Type = ASCII
#### Bootstrapping protocol modules ####
Bootstrapping proto_tacacs "tacacs.tacacs"
Ignoring "nak_lifetime = 0", forcing to "nak_lifetime = 1"
#### Instantiating libraries ####
#### Bootstrapping modules ####
 modules {
Loaded module rlm_chap
    chap {
      min_challenge_len = 16
    }
Loaded module rlm_client
Loaded module rlm_escape
    escape {
      safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
    }
Loaded module rlm_exec
    exec {
      wait = yes
      input_pairs = &request
      shell_escape = yes
      env_inherit = no
      timeout = 10
    }
Loaded module rlm_files
    files {
      filename = /home/user/radius-core-v4-master/etc/raddb/mods-config/files/authorize
      key = "%{%{Stripped-User-Name} || %{User-Name}}"
    }
Loaded module rlm_linelog
    linelog {
      destination = file
      delimiter = "\n"
      file {
        filename = /home/user/radius-core-v4-master/var/log/radius/linelog
        permissions = 0600
        escape_filenames = no
      }
      syslog {
        severity = "info"
      }
      unix {
      }
      tcp {
        server = localhost
        port = 514
        timeout = 2.0
      }
      udp {
        server = localhost
        port = 514
        timeout = 2.0
      }
    }
    linelog log_accounting {
      destination = file
      delimiter = "\n"
      file {
        filename = /home/user/radius-core-v4-master/var/log/radius/linelog-accounting
        permissions = 0600
        escape_filenames = no
      }
      syslog {
        severity = "info"
      }
      unix {
      }
      tcp {
        timeout = 1000
      }
      udp {
        timeout = 1000
      }
    }
Loaded module rlm_mschap
    mschap {
      normalise = yes
      use_mppe = yes
      require_encryption = no
      require_strong = no
      with_ntdomain_hack = yes
      passchange {
      }
      allow_retry = yes
      winbind {
      }
    }
    exec ntlm_auth {
      wait = yes
      shell_escape = yes
      env_inherit = no
    }
Loaded module rlm_pap
    pap {
      normalise = yes
    }
Loaded module rlm_passwd
    passwd etc_passwd {
      filename = /etc/passwd
      format = "*User-Name:Crypt-Password:"
      delimiter = ":"
      ignore_nislike = no
      ignore_empty = yes
      allow_multiple_keys = no
      hash_size = 100
    }
Loaded module rlm_radutmp
    radutmp {
      filename = /home/user/radius-core-v4-master/var/log/radius/radutmp
      username = <<< secret >>>
      check_with_nas = yes
      permissions = 0600
      caller_id = no
    }
Instantiating curl
    curl {
    }
libcurl version: libcurl/7.81.0 GnuTLS/3.7.3 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16
libfreeradius-json: json-c version: 0.15
Loaded module rlm_rest
    rest {
      http_negotiation = default
      connection {
        reuse {
          min = 10
          max = 100
          cleanup_interval = 30s
        }
        connect_timeout = 3.0
      }
      multiplex = yes
      fail_header_decode = no
      fail_body_decode = no
    }
    radutmp sradutmp {
      filename = /home/user/radius-core-v4-master/var/log/radius/sradutmp
      username = <<< secret >>>
      check_with_nas = yes
      permissions = 0644
      caller_id = no
    }
Loaded module rlm_stats
    stats {
    }
Loaded module rlm_unix
    unix {
    }
Loaded module rlm_unpack
Loaded module rlm_utf8
#### Bootstrapping rlm modules ####
Bootstrapping rlm_chap "chap"
Bootstrapping rlm_escape "escape"
Bootstrapping rlm_exec "exec"
Bootstrapping rlm_linelog "linelog"
Bootstrapping rlm_linelog "log_accounting"
Bootstrapping rlm_mschap "mschap"
Bootstrapping rlm_exec "ntlm_auth"
Bootstrapping rlm_rest "rest"
Bootstrapping rlm_unix "unix"
 } # modules
#### Instantiating listeners ####
Compiling policies in server tacacs { ... }
Instantiating proto_tacacs "tacacs.tacacs"
Instantiating process_tacacs "tacacs"
Compiling policies in - recv Authentication-Start {...}
Compiling policies in - send Authentication-Pass {...}
Compiling policies in - send Authentication-Fail {...}
Compiling policies in - send Authentication-GetUser {...}
Compiling policies in - send Authentication-GetPass {...}
Compiling policies in - recv Authentication-Continue {...}
Compiling policies in - authenticate PAP {...}
Compiling policies in - authenticate CHAP {...}
Compiling policies in - authenticate MSCHAP {...}
Compiling policies in - authenticate MSCHAPv2 {...}
Compiling policies in - authenticate ASCII {...}
Compiling policies in - recv Authorization-Request {...}
Compiling policies in - send Authorization-Pass-Add {...}
Compiling policies in - recv Accounting-Request {...}
Compiling policies in - send Accounting-Success {...}
Compiling policies in - send Accounting-Error {...}
Compiling policies in - accounting Start {...}
Compiling policies in - accounting Watchdog-Update {...}
Compiling policies in - accounting Watchdog {...}
Compiling policies in - accounting Stop {...}
...user/radius-core-v4-master/etc/raddb/sites-enabled/tacacs[5]: tacacs  { ... } section is unused
...user/radius-core-v4-master/etc/raddb/sites-enabled/tacacs[58]: new client { ... } section is unused
...user/radius-core-v4-master/etc/raddb/sites-enabled/tacacs[69]: add client { ... } section is unused
...user/radius-core-v4-master/etc/raddb/sites-enabled/tacacs[73]: deny client { ... } section is unused
#### Instantiating rlm modules ####
Instantiating rlm_chap "chap"
Instantiating rlm_passwd "etc_passwd"
Instantiating rlm_files "files"
Reading file /home/user/radius-core-v4-master/etc/raddb/mods-config/files/authorize
Instantiating rlm_linelog "linelog"
Instantiating rlm_linelog "log_accounting"
Instantiating rlm_mschap "mschap"
mschap - Using internal authentication
mschap - Missing option "chap_mppe_keys", setting use_mppe to "no"
Instantiating rlm_pap "pap"
Instantiating rlm_rest "rest"
      xlat {
        request {
          body = "none"
          auth = none
          require_auth = no
          chunk = 0
        }
        response {
          max_body_in = 16k
        }
        timeout = 4.0
        tls {
          require_cert = allow
          check_cert = no
          check_cert_cn = no
          extract_cert_attrs = no
        }
      }
      authorize {
        request {
          method = "GET"
          body = "none"
          auth = none
          require_auth = no
          chunk = 0
        }
        response {
          max_body_in = 16k
        }
        timeout = 4.0
        tls {
          require_cert = allow
          check_cert = no
          check_cert_cn = no
          extract_cert_attrs = no
        }
      }
      authenticate {
        request {
          method = "GET"
          body = "none"
          auth = none
          require_auth = no
          chunk = 0
        }
        response {
          max_body_in = 16k
        }
        timeout = 4.0
        tls {
          require_cert = allow
          check_cert = no
          check_cert_cn = no
          extract_cert_attrs = no
        }
      }
      accounting {
        request {
          method = "GET"
          body = "none"
          auth = none
          require_auth = no
          chunk = 0
        }
        response {
          max_body_in = 16k
        }
        timeout = 4.0
        tls {
          require_cert = allow
          check_cert = no
          check_cert_cn = no
          extract_cert_attrs = no
        }
      }
      post-auth {
        request {
          method = "GET"
          body = "none"
          auth = none
          require_auth = no
          chunk = 0
        }
        response {
          max_body_in = 16k
        }
        timeout = 4.0
        tls {
          require_cert = allow
          check_cert = no
          check_cert_cn = no
          extract_cert_attrs = no
        }
      }
Instantiating rlm_stats "stats"
Scheduler created in single-threaded mode
#### Opening listener interfaces ####
Listening on tacacs_tcp server * port 49 bound to virtual server tacacs
Ready to process requests
proto_tacacs_tcp - starting connection tacacs_tcp from client 192.168.11.251 port 14286 to server * port 49
Listening on tacacs_tcp from client 192.168.11.251 port 14286 to server * port 49 bound to virtual server tacacs
proto_tacacs_tcp - Received Authentication seq_no 1 length 37 tacacs_tcp from client 192.168.11.251 port 14286 to server * port 49
(0)  ERROR: Failed decoding packet: Packet should be encrypted, but the secret has zero length
TIMER - setting idle timeout for connection from client 192.168.11.251
ASSERT FAILED src/lib/io/master.c[1966]: !connection
CAUGHT SIGNAL: Aborted
Backtrace of last 13 frames:
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(fr_fault+0x10a)[0x7f070b4df388]
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(_fr_assert_fatal+0x0)[0x7f070b4e01cf]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x12e5d)[0x7f070b229e5d]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x13f95)[0x7f070b22af95]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x1c4f1)[0x7f070b2334f1]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x1dc86)[0x7f070b234c86]
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(fr_event_service+0xb52)[0x7f070b50cb02]
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(fr_event_loop+0x67)[0x7f070b50cc15]
/home/user/radius-core-v4-master/lib/libfreeradius-server.so(main_loop_start+0x2e)[0x7f070b395189]
./radiusd(main+0x169c)[0x55cee072a201]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7f070b000d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7f070b000e40]
./radiusd(_start+0x25)[0x55cee0728445]
No panic action set
Aborted

Relevant log output from client utilities

telnet 192.168.11.251
Trying 192.168.11.251...
Connected to 192.168.11.251.
Escape character is '^]'.

User Access Verification

Username:
% Username: timeout expired!Connection closed by foreign host.

Backtrace from LLDB or GDB

ASSERT FAILED src/lib/io/master.c[1966]: !connection
CAUGHT SIGNAL: Aborted
Backtrace of last 13 frames:
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(fr_fault+0x10a)[0x7ffff7ec7388]
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(_fr_assert_fatal+0x0)[0x7ffff7ec81cf]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x12e5d)[0x7ffff7c11e5d]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x13f95)[0x7ffff7c12f95]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x1c4f1)[0x7ffff7c1b4f1]
/home/user/radius-core-v4-master/lib/libfreeradius-io.so(+0x1dc86)[0x7ffff7c1cc86]
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(fr_event_service+0xb52)[0x7ffff7ef4b02]
/home/user/radius-core-v4-master/lib/libfreeradius-util.so(fr_event_loop+0x67)[0x7ffff7ef4c15]
/home/user/radius-core-v4-master/lib/libfreeradius-server.so(main_loop_start+0x2e)[0x7ffff7d7d189]
/home/user/radius-core-v4-master/sbin/radiusd(main+0x169c)[0x55555555b201]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7ffff79e8d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7ffff79e8e40]
/home/user/radius-core-v4-master/sbin/radiusd(_start+0x25)[0x555555559445]
No panic action set

Thread 1 "radiusd" received signal SIGABRT, Aborted.
__pthread_kill_implementation (no_tid=0, signo=6, threadid=140737341330560) at ./nptl/pthread_kill.c:44
44	./nptl/pthread_kill.c: No such file or directory.
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=140737341330560) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=140737341330560) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=140737341330560, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00007ffff7a01476 in __GI_raise (sig=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff7ec76bd in fr_fault (sig=6) at src/lib/util/debug.c:1057
#5  0x00007ffff7ec81cf in _fr_assert_fail (file=0x7ffff7c2cd6b "src/lib/io/master.c", line=1966, expr=0x7ffff7c2e0ff "!connection", msg=0x0) at src/lib/util/debug.c:1439
#6  0x00007ffff7c11e5d in client_expiry_timer (el=0x5555569bdc80, now=..., uctx=0x5555573c5750) at src/lib/io/master.c:1966
#7  0x00007ffff7c12f95 in mod_write (li=0x5555573c9ee0, packet_ctx=0x5555555f91d0, request_time=..., buffer=0x555557380a20 '\275' <repeats 200 times>..., buffer_len=1, written=0) at src/lib/io/master.c:2357
#8  0x00007ffff7c1b4f1 in fr_network_write (el=0x5555569bdc80, sockfd=22, flags=0, ctx=0x5555573c9fd0) at src/lib/io/network.c:1150
#9  0x00007ffff7c1cc86 in fr_network_post_event (el=0x5555569bdc80, now=..., uctx=0x5555567b9680) at src/lib/io/network.c:1655
#10 0x00007ffff7ef4b02 in fr_event_service (el=0x5555569bdc80) at src/lib/util/event.c:2725
#11 0x00007ffff7ef4c15 in fr_event_loop (el=0x5555569bdc80) at src/lib/util/event.c:2765
#12 0x00007ffff7d7d189 in main_loop_start () at src/lib/server/main_loop.c:214
#13 0x000055555555b201 in main (argc=2, argv=0x7fffffffe558) at src/bin/radiusd.c:981

The text was updated successfully, but these errors were encountered:

The code for NAK later assumes that there is a connection, so the assert is wrong

levide · 2024-01-26T09:16:17Z

Thanks!
ASSERT FAILED fixed

For:

config sections are not parsed: new client{}, add client{}, deny client{}
(0) ERROR: Failed decoding packet: Packet should be encrypted, but the secret has zero length
ignore nak_lifetime settings (Ignoring "nak_lifetime = 0", forcing to "nak_lifetime = 1")

maybee open new separate issues

levide added the defect category: a defect or misbehaviour label Jan 25, 2024

alandekok added a commit that referenced this issue Jan 25, 2024

remove erroneous assert. should help with #5276

89997f4

The code for NAK later assumes that there is a connection, so the assert is wrong

levide closed this as completed Jan 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[defect]: ASSERT FAILED (TACACS+ with dynamic_clients ) #5276

[defect]: ASSERT FAILED (TACACS+ with dynamic_clients ) #5276

levide commented Jan 25, 2024 •

edited

levide commented Jan 26, 2024

[defect]: ASSERT FAILED (TACACS+ with dynamic_clients ) #5276

[defect]: ASSERT FAILED (TACACS+ with dynamic_clients ) #5276

Comments

levide commented Jan 25, 2024 • edited

What type of defect/bug is this?

How can the issue be reproduced?

Log output from the FreeRADIUS daemon

Relevant log output from client utilities

Backtrace from LLDB or GDB

levide commented Jan 26, 2024

levide commented Jan 25, 2024 •

edited