Bug #16290

open

``diag_authentication.php`` crashes with a core dump if RADIUS client Shared Secret value is not correct

Added by Azamat Khakimyanov 5 months ago. Updated 10 days ago.

Status: Assigned
Priority: Normal
Category: Authentication
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 25.11
Release Notes: Default
Affected Version: 2.9.0
Affected Architecture:

Description

Tested on 24.11

I added a remote RADIUS server under /System/User Manager/Authentication Servers and used an incorrect Shared Secret, so when I tried to use /Diagnostics/Authentication I got a 50x error ('crash page.png'), and the system log showed:

Jun 28 17:30:47    php-fpm    627    /diag_authentication.php: Error during RADIUS authentication : Operation timed out
Jun 28 17:30:47    nginx        2025/06/28 17:30:47 [error] 57412#100297: *1645 upstream prematurely closed connection while reading response header from upstream, client: 192.168.122.1, server: , request: "POST /diag_authentication.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "192.168.122.143", referrer: "https://192.168.122.143/diag_authentication.php" 
Jun 28 17:30:47    kernel        pid 627 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped)

and the crash report had:

Crash report begins.  Anonymous machine information:

amd64
15.0-CURRENT
FreeBSD 15.0-CURRENT #0 plus-RELENG_24_11-n256407-1bbb3194162: Fri Nov 22 05:08:46 UTC 2024     root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-24_11-main/obj/amd64/AKWlAIiM/var/jenkins/workspace/pfSense-Plus-snapshots-24_11-main/sources/FreeBS

Crash report details:

No PHP errors found.

No FreeBSD crash data found.


Files

crash page.png (123 KB) Azamat Khakimyanov, 06/28/2025 05:39 PM
traffic with RADIUS Server.png (294 KB) Azamat Khakimyanov, 11/22/2025 06:58 PM
traffic with RADIUS Server.pcap (1.38 KB) Azamat Khakimyanov, 11/22/2025 06:59 PM
Actions #1

Updated by Azamat Khakimyanov 5 months ago

  • Subject changed from Diagnostics -> Authentication crashed if Shared Secret is not correct to Diagnostics -> Authentication crashes if Shared Secret is not correct
Actions #2

Updated by Azamat Khakimyanov 3 months ago

Retested on 25.07 and on latest 25.11-DEV (built on Sat Aug 16 6:00:00 UTC 2025)

I see this issue on both tested pfSense versions.

This is the crash report from 25.07

Crash report begins.  Anonymous machine information:

amd64
15.0-CURRENT
FreeBSD 15.0-CURRENT #0 plus-RELENG_25_07-n256508-719054fb1f90: Mon Jul 28 16:47:59 UTC 2025     root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-25_07-main/obj/amd64/KX1V1LAU/var/jenkins/workspace/pfSense-Plus-snapshots-25_07-main/sources/FreeB

Crash report details:

No PHP errors found.

No FreeBSD crash data found.

and crash report from 25.11-DEV

Crash report begins.  Anonymous machine information:

amd64
15.0-CURRENT
FreeBSD 15.0-CURRENT #69 plus-devel-main-n256476-bcaeedb73405: Sat Aug 16 06:11:00 UTC 2025     root@pfsense-build-release-amd64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-Plus-snapshots-master-main/obj/amd64/nGEIk3xA/var/jenkins/workspace/pfSen

Crash report details:

No PHP errors found.

No FreeBSD crash data found.

Actions #3

Updated by Christian McDonald 3 months ago

  • Assignee set to Christian McDonald
Actions #5

Updated by Marcos M 22 days ago

  • Status changed from New to Feedback
  • Priority changed from Low to Normal
  • Target version set to 2.9.0
  • % Done changed from 0 to 100
  • Plus Target Version set to 25.11
  • Affected Version set to 2.9.0

A fix will be included in the next 25.11 build.

Actions #6

Updated by Marcos M 20 days ago

  • Status changed from Feedback to Resolved
Actions #7

Updated by Jim Pingle 19 days ago

  • Subject changed from Diagnostics -> Authentication crashes if Shared Secret is not correct to ``diag_authentication.php`` crashes with a core dump if RADIUS client Shared Secret value is not correct
Actions #8

Updated by Azamat Khakimyanov 10 days ago

Tested on 25.11-RC (built on Fri Nov 21 20:16:00 UTC 2025) and 26.03-DEVELOPMENT (built on Sat Nov 22 6:00:00 UTC 2025)

I still got this crash report when I used an incorrect Shared Secret on pfSense:

Crash report begins.  Anonymous machine information:

amd64
16.0-CURRENT
FreeBSD 16.0-CURRENT #4 plus-devel-main-n256498-f2aef3b59aed: Sat Nov 22 06:10:05 UTC 2025     root@pfsense-build-release-amd64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-Plus-snapshots-master-main/obj/amd64/aX6erSXs/var/jenkins/workspace/pfSens

Crash report details:

No PHP errors found.

No FreeBSD crash data found.

In the packet capture I saw traffic to and from the RADIUS server ('traffic with RADIUS Server.png'), and in the system log I got:

Nov 22 18:49:56    php-fpm    592    ERROR [RADIUS Auth] Error during RADIUS authentication : Operation timed out
Nov 22 18:49:57    nginx        2025/11/22 18:49:57 [error] 42860#100381: *381 upstream prematurely closed connection while reading response header from upstream, client: 192.168.132.1, server: , request: "POST /diag_authentication.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "192.168.132.40", referrer: "https://192.168.132.40/diag_authentication.php" 
Nov 22 18:49:57    kernel        pid 592 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped)

BUT if the RADIUS server is not replying, I just got this in the system log:

Nov 22 19:19:42    php-fpm    10047    ERROR [RADIUS Auth] Error during RADIUS authentication : Operation timed out

and no crash happens.
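
The distinction drawn in the comment above (a RADIUS timeout followed by a php-fpm crash versus a timeout alone) can be checked mechanically in a system log. The following is an added example, not part of the original report or of pfSense code; the sample lines are constructed in the layout of the quoted log, and the function name, the 5-second correlation window and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the log lines quoted in this report;
# the client address is a documentation-range placeholder.
SAMPLE_LOG = """\
Nov 22 18:49:56 php-fpm 592 ERROR [RADIUS Auth] Error during RADIUS authentication : Operation timed out
Nov 22 18:49:57 nginx 2025/11/22 18:49:57 [error] 42860#100381: *381 upstream prematurely closed connection while reading response header from upstream, client: 192.0.2.10, server: , request: "POST /diag_authentication.php HTTP/2.0"
Nov 22 18:49:57 kernel pid 592 (php-fpm), jid 0, uid 0: exited on signal 11 (core dumped)
Nov 22 19:19:42 php-fpm 10047 ERROR [RADIUS Auth] Error during RADIUS authentication : Operation timed out
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+(.*)$")
RADIUS_ERR = re.compile(r"^(\d+)\s+.*Error during RADIUS authentication\s*:\s*(.+)$")
KERNEL_SIG = re.compile(r"pid (\d+) \(php-fpm\).*exited on signal (\d+)")
NGINX_DROP = re.compile(r'upstream prematurely closed.*request: "POST (\S+)')


def classify(log_text, year=2025, window=timedelta(seconds=5)):
    """Pair each RADIUS auth error with a php-fpm crash of the same PID, if any."""
    errors, crashes, drops = [], [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        proc, rest = m.group(2), m.group(3)
        if proc == "php-fpm" and (e := RADIUS_ERR.match(rest)):
            errors.append((ts, int(e.group(1)), e.group(2).strip()))
        elif proc == "kernel" and (k := KERNEL_SIG.search(rest)):
            crashes.append((ts, int(k.group(1)), int(k.group(2))))
        elif proc == "nginx" and (n := NGINX_DROP.search(rest)):
            drops.append((ts, n.group(1)))
    findings = []
    for ts, pid, reason in errors:
        # A crash counts only if the kernel names the same worker PID shortly after.
        sig = next((s for cts, cpid, s in crashes
                    if cpid == pid and timedelta(0) <= cts - ts <= window), None)
        # The nginx line shows which request the dead worker was serving.
        page = next((p for dts, p in drops
                     if sig is not None and timedelta(0) <= dts - ts <= window), None)
        findings.append({"time": ts, "pid": pid, "reason": reason, "signal": sig,
                         "request": page,
                         "verdict": "worker-crash" if sig is not None else "timeout-only"})
    return findings
```
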

Actions #9

Updated by Azamat Khakimyanov 10 days ago

  • Status changed from Resolved to Assigned

I'm afraid it hasn't been resolved.
