Hello,
I work for an ISP that has recently started to provide *DSL to
companies, and uses a freeradius server to handle proxied RADIUS
requests from the DSL supplier. Installation, configuration and initial
testing all went fine; however, when the first live clients were
activated today the server appeared to refuse to answer any connections.
A closer look at the log files revealed the following repeated error
message:
Mon Mar 11 20:36:54 2002 : Error: WARNING: Malformed RADIUS packet from
host aaa.bbb.ccc.ddd: Invalid attribute 0
Calling the network people at the supplier revealed they had had a
similar problem with other clients; that this was a 'cosmetic flaw only'
and didn't have any real impact. But yet, the server remained silent.
Some testing from another site using the freeradius client and
hand-hacked parameters had no problems logging in, unless I added the
"bogus" attribute with ID 0 to the dictionary and sent it along, at
which point the same error occurred.
Looking into the source, I found that the error lay in src/lib/radius.c
lines 713-721: (With apologies for the long lines)
/*
 * Attribute number zero is NOT
 * defined.
 */
if (attr[0] == 0) {
        librad_log("WARNING: Malformed RADIUS packet from host %s: Invalid attribute 0",
                   ip_ntoa(host_ipaddr, packet->src_ipaddr));
        free(packet);
        return NULL;
}
----
What I'd like to know is what exactly the reasoning is behind so drastic
a response. Is there some inherent security flaw or overflow
vulnerability when an attribute is zero? Are there serious specification
problems with it?
I'd prefer not to have to disable this without knowing the reason behind
the check. If anyone would care to enlighten me?
Thanks in advance,
--
Rens Houben
Systemec Internet Services
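
Added example, not FreeRADIUS source and not part of the original message: a stand-alone C check that walks the type/length/value attributes of a RADIUS packet and reports the first structural problem, including the attribute-type-0 case the quoted check rejects. The function name, result codes and sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RAD_HDR_LEN 20  /* code(1) + id(1) + length(2) + authenticator(16) */
enum rad_check { RAD_OK, RAD_SHORT, RAD_BAD_LEN, RAD_ATTR_ZERO, RAD_ATTR_SHORT, RAD_ATTR_OVERRUN };

/* Validate the attribute section of a received packet (buf/len as read from
 * the socket). Returns the first problem found; *bad_off gets its offset. */
enum rad_check rad_check_attrs(const uint8_t *buf, size_t len, size_t *bad_off)
{
    size_t total, off, alen;

    *bad_off = 0;
    if (len < RAD_HDR_LEN) return RAD_SHORT;
    total = ((size_t)buf[2] << 8) | buf[3];      /* big-endian length field */
    if (total < RAD_HDR_LEN || total > len) { *bad_off = 2; return RAD_BAD_LEN; }
    for (off = RAD_HDR_LEN; off < total; off += alen) {
        *bad_off = off;
        if (total - off < 2) return RAD_ATTR_OVERRUN;   /* no room for type + length */
        alen = buf[off + 1];
        if (buf[off] == 0) return RAD_ATTR_ZERO;        /* the attr[0] == 0 case */
        if (alen < 2) return RAD_ATTR_SHORT;            /* length counts its own 2 bytes */
        if (alen > total - off) return RAD_ATTR_OVERRUN; /* value runs past the packet */
    }
    *bad_off = 0;
    return RAD_OK;
}

/* Constructed sample packets (not captured traffic): Access-Request, zero authenticator. */
static const uint8_t pkt_ok[] = { 1, 1, 0, 27, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    1, 7, 'a','l','i','c','e' };               /* User-Name = "alice" */
static const uint8_t pkt_attr0[] = { 1, 2, 0, 30, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    1, 7, 'a','l','i','c','e', 0, 3, 0 };      /* trailing attribute of type 0 */
static const uint8_t pkt_trunc[] = { 1, 3, 0, 27, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    1, 9, 'a','l','i','c','e' };               /* attribute length 9, only 7 bytes left */

int main(void)
{
    const uint8_t *p[] = { pkt_ok, pkt_attr0, pkt_trunc };
    size_t n[] = { sizeof pkt_ok, sizeof pkt_attr0, sizeof pkt_trunc }, off;
    for (int i = 0; i < 3; i++) {
        enum rad_check r = rad_check_attrs(p[i], n[i], &off);
        printf("packet %d: result %d at offset %zu\n", i, (int)r, off);
    }
    return 0;
}
```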
