Bug ID 626056: Apmd crashes when using iRule command "ACCESS::policy evaluate"

Last Modified: Dec 20, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Oct 31, 2016
Severity: 2-Critical

Symptoms

Apmd crashes when iRule command "ACCESS::policy evaluate"is used to evaluate the access policy in clientless mode.

Impact

Apmd crashes or restarts.

Conditions

This occurs when following conditions are met: - iRule command "ACCESS::policy evaluate" is used to evaluate the access policy. - If LDAP/AD query agent is configured in access policy to fetch many attributes. If the data is more than 64K, apmd will hit segfault (SIGSEGV) when trying to copy them.

Workaround

Limit the number of attributes in Ldap/AD query agents. Apmd doesn't crash if the total data are less than 64K.

Fix Information

Access Sessions with large amounts of session variable data are now created properly when called from the "ACCESS::policy evaluate" iRule command.

Behavior Change