Re: [RadiusNT] screwy username causes RadiusNT 2.5.162 to crash with Dr. Watson

Carlo Gibertini ( (no email) )
Mon, 10 May 1999 22:45:17 -0300

Does this question have an answer? I have the same problem here and it's always on
the weekend...

Regards,

Carlo Gibertini

-----Original Message-----
From: Josh Hillman <admin-maillist@talstar.com>
To: radiusnt@iea-software.com <radiusnt@iea-software.com>
Date: Monday, 10 May 1999 15:44
Subject: [RadiusNT] screwy username causes RadiusNT 2.5.162 to crash with Dr. Watson

>This morning at 7:50am, RadiusNT 2.5.162 crashed with a Dr. Watson error after a user dialed up and had garbage come through as the username.
>
>The raw stack dump for RadiusNT in drwtsn32.log displays something that corresponds with the syslogs also (below).
>
>NT Server 4.0 SP 4
>RadiusNT 2.5.162 (runs as service):
> options that are set:
> Trim name
> Require secret
> Allow malformed
> Concurrency control
> Variable login limits
> Ascend max time
> Password replace
>SQL 6.5 SP5a
>MDAC 2.1
>Ascend Max (4048 in this case) OS version 7.0.4
>
>syslog info:
>
>May 10 07:48:01 max2.talstar.com ASCEND: slot 0 port 0, line 1, channel 9, Incoming Call, MBID 205 [MBID 205]
>May 10 07:48:01 max2.talstar.com ASCEND: slot 4 port 8, Assigned to port, MBID 205 [MBID 205]
>May 10 07:48:02 max2.talstar.com ASCEND: slot 4 port 8, line 1, channel 9, Call Connected, MBID 205 [MBID 205]
>May 10 07:48:02 max2.talstar.com ASCEND: call 62 AN slot 4 port 8 56KR
>May 10 07:50:27 max2.talstar.com Radius client timeout (code=1) for user
>hR/V/hXVgiXP^RThRGVPPg\vzVPXP^RTXhRgTPXPPVT\vzV/PhRGTPPg\vzVPXPhRVPTPTPXPPVT\vzVP-
>May 10 07:53:08 max2.talstar.com ASCEND: slot 4 port 8, Call Terminated [MBID 205]
>May 10 07:53:08 max2.talstar.com ASCEND: call 62 CL 0K u=hR/V/hXVgiXP^RThRGVPPg\vzVPXP^RTXhRgTPXPPVT\vzV/PhRGTPPg\vzVPXP+ c=11 p=40
>s=28800 r=26400
>
>drwtsn32.log:
>
>Application exception occurred:
> App: (pid=175)
> When: 5/10/1999 @ 7:50:16.2
> Exception number: c0000005 (access violation)
>
>*----> System Information <----*
> Number of Processors: 2
> Processor Type: x86 Family 5 Model 2 Stepping 12
> Windows Version: 4.0
> Current Build: 1381
> Service Pack: 4
> Current Type: Multiprocessor Free
>
>*----> Task List <----*
> 0 Idle.exe
> 2 System.exe
> 25 smss.exe
> 33 CSRSS.exe
> 39 WINLOGON.exe
> 45 SERVICES.exe
> 48 LSASS.exe
> 74 SPOOLSS.exe
> 100 RPCSS.exe
> 81 msdtc.exe
> 145 DNS.exe
> 151 LLSSRV.exe
> 164 SQLSERVR.exe
> 170 PSTORES.exe
> 175 Radius.exe
> 184 LOCATOR.exe
> 181 SNMP.exe
> 193 SQLEXEC.exe
> 246 SRVANY.exe
> 155 Serv-U32.exe
> 241 logon.scr.exe
> 257 DRWTSN32.exe
> 0 _Total.exe
>
>(00400000 - 00400000)
>(77f60000 - 77fbc000) dll\ntdll.dbg
>(77f00000 - 77f5e000) dll\kernel32.dbg
>(77e70000 - 77ec4000) dll\user32.dbg
>(77ed0000 - 77efc000) dll\gdi32.dbg
>(77dc0000 - 77dff000) dll\advapi32.dbg
>(77e10000 - 77e67000) dll\rpcrt4.dbg
>(77c40000 - 77d7c000) dll\shell32.dbg
>(77aa0000 - 77b14000) COMCTL32.dbg
>(1f490000 - 1f4c5000) dll\ODBC32.dbg
>(78000000 - 78040000)
>(77d80000 - 77db2000) dll\comdlg32.dbg
>(77a90000 - 77a9b000) dll\version.dbg
>(779c0000 - 779c8000) dll\lz32.dbg
>(776d0000 - 776d8000) dll\wsock32.dbg
>(776b0000 - 776c4000) dll\ws2_32.dbg
>(776a0000 - 776a7000) dll\ws2help.dbg
>(1f5d0000 - 1f5e4000) dll\ODBCINT.dbg
>(77bf0000 - 77bf7000) dll\rpcltc1.dbg
>(41230000 - 412ab000) sqlsrv32.DBG
>(41100000 - 4110c000) sqlwoa.DBG
>(77800000 - 7783a000) dll\netapi32.dbg
>(77840000 - 77849000) dll\NetRap.dbg
>(777e0000 - 777ed000) dll\samlib.dbg
>(75a80000 - 75a87000) dll\nddeapi.dbg
>(77c00000 - 77c18000) drv\winspool.dbg
>(1f4d0000 - 1f4e9000) dll\ODBCCP32.dbg
>(77b20000 - 77bd5000) dll\ole32.dbg
>(73310000 - 73318000) dbnmpntw.DBG
>(77660000 - 7766f000) dll\msafd.dbg
>(77690000 - 77699000) dll\wshtcpip.dbg
>
>State Dump for Thread Id 0xae
>
>eax=77e577d8 ebx=0012fe10 ecx=00144e78 edx=00000000 esi=00000070 edi=00000000
>eip=77f67e87 esp=0012fd30 ebp=0012fd98 iopl=0 nv up ei pl zr na po nc
>cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
>
>
>function: ZwReadFile
> 77f67e7c b886000000 mov eax,0x86
> 77f67e81 8d542404 lea edx,[esp+0x4] ss:00f4e737=????????
> 77f67e85 cd2e int 2e
> 77f67e87 c22400 ret 0x24
> 77f67e8a 8bc0 mov eax,eax
>
>*----> Stack Back Trace <----*
>
>FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
>0012fd98 77dd8b0e 00000070 00143320 0000021a 0012fdc8 ntdll!ZwReadFile
>0012fdcc 77dd855a 00000070 00143320 0000021a 0012fe10 advapi32!RegisterServiceCtrlHandlerA
>0012fe30 77dd8377 00000070 00143320 0000021a 00000000 advapi32!StartServiceCtrlDispatcherW
>0012fe54 0040d194 0012ff70 77f64c4f 00dc0548 0044c410 advapi32!StartServiceCtrlDispatcherA
>
>
>State Dump for Thread Id 0xb3
>
>eax=00145768 ebx=00000000 ecx=001457d8 edx=00000000 esi=00000064 edi=00000000
>eip=77f6825b esp=012cfe50 ebp=012cfe74 iopl=0 nv up ei pl zr na po nc
>cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
>
>
>function: NtWaitForSingleObject
> 77f68250 b8c5000000 mov eax,0xc5
> 77f68255 8d542404 lea edx,[esp+0x4] ss:020ee857=????????
> 77f68259 cd2e int 2e
> 77f6825b c20c00 ret 0xc
> 77f6825e 8bc0 mov eax,eax
>
>*----> Stack Back Trace <----*
>
>FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
>012cfe74 77f04f97 00000064 ffffffff 00000000 0040d3c7 ntdll!NtWaitForSingleObject
>012cffa8 77dd8cee 00000001 00145658 ffffffff 77f04f3e kernel32!WaitForSingleObject
>012cffec 00000000 00000000 00000000 00000000 00000000 advapi32!RegisterServiceCtrlHandlerA
>00000000 00000000 00000000 00000000 00000000 00000000 !<nosymbols>
>
>State Dump for Thread Id 0xeb
>
>eax=7cf0fee0 ebx=00dd6100 ecx=00dd8fb8 edx=52682d50 esi=00dd6100 edi=00dd8ffd
>eip=00434161 esp=0163e16c ebp=0163ee08 iopl=0 nv up ei pl zr na po nc
>cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
>
>
>function: <nosymbols>
> 0043414b 7419 jz 00434166
> 0043414d 8a11 mov dl,[ecx] ds:00dd8fb8=54
> 0043414f 41 inc ecx
> 00434150 84d2 test dl,dl
> 00434152 7464 jz 004341b8
> 00434154 8817 mov [edi],dl ds:00dd8ffd=82
> 00434156 47 inc edi
> 00434157 f7c103000000 test ecx,0x3
> 0043415d 75ee jnz 0043414d
> 0043415f eb05 jmp 00434166
>FAULT ->00434161 8917 mov [edi],edx ds:00dd8ffd=????????
> 00434163 83c704 add edi,0x4
> 00434166 bafffefe7e mov edx,0x7efefeff
> 0043416b 8b01 mov eax,[ecx] ds:00dd8fb8=67505054
> 0043416d 03d0 add edx,eax
> 0043416f 83f0ff xor eax,0xff
> 00434172 33c2 xor eax,edx
> 00434174 8b11 mov edx,[ecx] ds:00dd8fb8=67505054
> 00434176 83c104 add ecx,0x4
> 00434179 a900010181 test eax,0x81010100
> 0043417e 74e1 jz 00434161
> 00434180 84d2 test dl,dl
>
>*----> Stack Back Trace <----*
>
>FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
>0163ee08 00414f6c 0045df80 00dd8920 0163ef74 0000000b <nosymbols>
>
>*----> Raw Stack Dump <----*
>0163e16c 0b 00 00 00 11 ed 41 00 - 10 8a dd 00 c7 89 dd 00 .......A.........
>0163e17c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e18c 00 00 00 00 00 00 00 00 - f0 8d dd 00 00 00 00 00 .................
>0163e19c 01 00 00 00 00 00 0a 00 - 09 00 08 00 00 00 07 00 .................
>0163e1ac 06 00 05 00 04 00 03 00 - 00 00 00 00 02 00 01 00 .................
>0163e1bc 01 00 00 00 00 00 00 00 - 08 00 00 00 00 00 00 00 .................
>0163e1cc 04 00 00 00 ff ff ff ff - 00 00 00 00 00 00 00 00 .................
>0163e1dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e1ec 00 00 00 00 00 00 00 00 - bf fc 57 30 59 ac 76 22 ...........W0Y.v"
>0163e1fc 1c d2 cf e3 8f 31 86 17 - 00 00 00 00 00 00 00 00 ......1..........
>0163e20c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e21c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e22c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e23c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e24c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e25c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 .................
>0163e26c 00 00 00 00 00 00 00 00 - 00 00 00 00 41 75 74 68 .............Auth
>0163e27c 65 6e 74 69 63 61 74 65 - 3a 20 66 72 6f 6d 20 4d enticate: from M
>0163e28c 61 78 20 32 20 2d 20 49 - 6e 76 61 6c 69 64 20 55 ax 2 - Invalid U
>0163e29c 73 65 72 6e 61 6d 65 0a - 00 72 6e 61 6d 65 0a 00 sername..rname..
>
>State Dump for Thread Id 0xec
>
>eax=00dd7004 ebx=7766b100 ecx=00459680 edx=00000000 esi=01502730 edi=000000c8
>eip=77f6825b esp=0173ec64 ebp=0173ecb8 iopl=0 nv up ei ng nz ac pe cy
>cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293
>
>
>function: NtWaitForSingleObject
> 77f68250 b8c5000000 mov eax,0xc5
> 77f68255 8d542404 lea edx,[esp+0x4] ss:0255d66b=????????
> 77f68259 cd2e int 2e
> 77f6825b c20c00 ret 0xc
> 77f6825e 8bc0 mov eax,eax
>
>*----> Stack Back Trace <----*
>
>FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
>0173ecb8 77664a12 000000c8 0000005c 00000001 00000004 ntdll!NtWaitForSingleObject
>0173ede0 776b9f5e 00000020 0173ee70 00000000 00000000 msafd!<nosymbols>
>0173ee30 00413feb 00000020 0173ee70 00000000 00000000 ws2_32!select
>
>
>