Bugtraq mailing list archives

Re: code to crash radiusd


From: jrichard () LIVINGSTON COM (Josh Richards)
Date: Fri, 17 Apr 1998 10:29:30 -0700


On 15 Apr 1998, Hamdi Tounsi wrote:


Hi all
the following will crash radiusd from livingston, 1.16 and 2.0.1 97/5/22 (the
latest version)
i alerted livingston a few months ago ... a bugfix should be available now

Yep:)

Attached is a patch for RADIUS Server 2.0.1; feel free to give it to
anyone you like.  Note that people running very old versions of ComOS
that didn't sign accounting packets will need to upgrade their ComOS to
at least release 3.3.1 before applying this patch to their RADIUS
server, if they want to keep using RADIUS Accounting.  I'll place a copy
of the patch on ftp://ftp.livingston.com/pub/le/radius/

There's no patch for RADIUS 1.16; anyone who owns a Livingston
PortMaster should upgrade to RADIUS 2.0.1 at
http://www.livingston.com/Forms/radiusform.cgi and then apply this patch.


*** acct.c.old  Fri Apr 17 03:03:23 1998
--- acct.c      Fri Apr 17 03:09:04 1998
***************
*** 54,60 ****

  #define SIGN_NOCLIENT -1
  #define SIGN_MATCH    0
- #define SIGN_ZERO     1
  #define SIGN_NOMATCH  2

  extern char           recv_buffer[4096];
--- 54,59 ----
***************
*** 90,95 ****
--- 89,98 ----
        /* Verify the client */
        retsig=calc_acctreq(authreq);

+       /* To be strictly compliant with the RADIUS Accounting RFC we
+          only accept packets that returned SIGN_MATCH to
+          indicate the Request-Authenticator is valid.
+        */
        if (retsig == SIGN_NOCLIENT) {
                /* We do not respond when this fails */
                log_err("accounting: unknown client %s ignored\n",
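Review bot: The new comment sits above the `if (retsig == SIGN_NOCLIENT)` test, a branch that already rejected the packet before this patch, so it does not mark where the behaviour changes. Move it down to the SIGN_NOMATCH branch, where the new rejection happens. It should also say that requests with an all-zero Request-Authenticator are now refused, since the old comment describing that compatibility case is deleted later in the patch.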
***************
*** 97,103 ****
                reqfree(authreq);
                return;
        } else if (retsig == SIGN_NOMATCH) {
!               DEBUG("accounting: client %s sent accounting-request with invalid request 
authenticator\n",ip_hostname(authreq->ipaddr));
        }

        strcpy(clientname, client_hostname(authreq->ipaddr));
--- 100,108 ----
                reqfree(authreq);
                return;
        } else if (retsig == SIGN_NOMATCH) {
!               log_err("accounting: client %s sent accounting-request with invalid request 
authenticator\n",ip_hostname(authreq->ipaddr));
!               reqfree(authreq);
!               return;
        }

        strcpy(clientname, client_hostname(authreq->ipaddr));
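Review bot: The new `else if (retsig == SIGN_NOMATCH)` branch still enumerates known-bad values, so any result from calc_acctreq() other than SIGN_NOCLIENT or SIGN_NOMATCH falls through to the `strcpy(clientname, ...)` line and is handled as if it had verified. To match the stated policy of accepting only SIGN_MATCH, make the final branch fail closed, for example `} else if (retsig != SIGN_MATCH) {`, with the same log_err / reqfree / return body. Separately, the message moves from DEBUG to log_err and is written once per rejected packet, so some bound on how often it is logged per client would keep a stream of bad requests from filling the log.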
***************
*** 132,157 ****
                sprintf(buffer,"\tTimestamp = %ld\n",curtime);
                fputs(buffer,outfd);

-               /* To be strictly compliant with the RADIUS Accounting RFC we
-                  should only accept packets that returned SIGN_MATCH to
-                  indicate the Request-Authenticator is valid, but to provide
-                  compatibility with NASes that haven't implemented that yet
-                  we accept no authenticator (all 0's) or mistaken ones, but
-                  flag them as such.  A future release may be more strict.
-                 */
-               switch(retsig) {
-                       case SIGN_MATCH:
-                               /* fputs("\tRequest-Authenticator = Verified\n",outfd); */
-                               break;
-                       case SIGN_NOMATCH:
-                               fputs("\tRequest-Authenticator = Unverified\n",outfd);
-                               break;
-                       case SIGN_ZERO:
-                               fputs("\tRequest-Authenticator = None\n",outfd);
-                               break;
-                       default:
-                               break;
-               }
                fputs("\n", outfd);
                fclose(outfd);
                /* let NAS know it is OK to delete from buffer */
--- 137,142 ----
***************
*** 314,323 ****
         */

        memset(buffer, 0, sizeof(buffer));
-       if (memcmp(buffer,authreq->vector,AUTH_VECTOR_LEN) == 0) {
-               /* client did not sign accounting-request */
-               return(SIGN_ZERO);
-       }
        len = build_packet(authreq,buffer);
        memset(buffer+4, 0, AUTH_VECTOR_LEN);
        secretlen = strlen((char *)secret);
--- 299,304 ----
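Review bot: Dropping the all-zero `memcmp` test at the top of this hunk means an unsigned accounting-request is no longer told apart from one signed with the wrong secret. Both now go through the normal comparison, and the caller has only the single "invalid request authenticator" message for a mismatch. Since the covering note says NASes on old ComOS releases send unsigned packets, a distinct log message for the all-zero case (still rejecting the packet) would let an operator see at once that the NAS needs upgrading rather than that the shared secret is wrong.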


--jr

----
Josh Richards - <jrichard () livingston com> - [Beta Engineer]
LUCENT Technologies - Remote Access Business Unit
(formerly Livingston Enterprises, Inc.)
http://www.livingston.com/


