Hello,
I found a bug in auth.c where the return value of crypt() is
not checked before being used in strcmp(). This caused a segfault
on my setup, as crypt() had errors and returned NULL causing radiusd
to segfault. I have attached a quick patch which fixes this problem,
but it could be done better. I just needed to get it up to prevent
a DoS when any invalid user caused radiusd to die. I am using the
snapshot version 20020530 and the Oracle authentication module. This
is obviously a bug, as the crypt() manpage says it returns NULL on
errors. Feel free to reformat or write a better fix, I would just
like to see this fixed in CVS.
Thanks,
Josh Wilsdon
--- freeradius-snapshot-20020530/src/main/auth.c.dist Wed Jun 5 17:23:57 2002
+++ freeradius-snapshot-20020530/src/main/auth.c Wed Jun 5 17:25:04 2002
@@ -296,10 +296,14 @@
return -1;
}
+ if (crypt((char *)auth_item->strvalue,(char
+*)password_pair->strvalue) != NULL) {
if (strcmp((char *)password_pair->strvalue,
crypt((char *)auth_item->strvalue,
(char *)password_pair->strvalue)) != 0)
result = -1;
+ } else {
+ result = -1;
+ }
break;
case PW_AUTHTYPE_LOCAL:
DEBUG2("auth: type Local");
--
Josh Wilsdon <[EMAIL PROTECTED]> Programmer Analyst
Wizard IT Services - http://www.wizard.ca
Linux Support Specialist - http://linuxmagic.com
Unix Administration, Website Hosting, Network Services, Programming
(604) 589-0037 Beautiful British Columbia, Canada
LinuxMagic is a TradeMark of Wizard Tower TechnoServices Ltd.
--------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to which
they are addressed. If you have received this email in error please
notify the system manager. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of the company.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
